Secure messaging

US 8,166,299 B2
Filed: 07/06/2004
Issued: 04/24/2012
Est. Priority Date: 07/06/2004
Status: Active Grant

First Claim

Patent Images

1. A method for secure electronic communication of an email message from an originator to a recipient, said method comprising the steps of:

said originator removing a security sensitive portion of the message;

said originator employing a first network connection to send the removed portion to an externally accessible store, said externally accessible store being operative to grant access to said stored removed portion upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;

said originator employing email to send the residue of the message, along with one, only, of the two factors and notification that said removed portion is in said store, via an external Internet connection to said recipient;

said originator employing a second external network connection to send another, only, of the two factors to said recipient separately from the one factor;

said recipient receiving said one of the two factors and said notification by said email and said recipient receiving said another of the two factors, by said second external network, separately from said email;

said recipient accessing said external store; and

said recipient employing a third external network connection to provide said externally accessible store with the necessary two factor authentication comprising said reference code and said authentication code and for said store to grant external access to said removed portion.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A messaging method and system sends secure emails (14) by the email originator (10) removing the portion of the email (14) which is confidential (24) from the body of the email (14). The removed portion (24) is sent to a secure storage site (30). The residue (20) of the email (14) is sent to the intended recipient (12), together with a notification (22) that the confidential portion (24) is at the secure site (30). Secure storage site 30 then sends a SMS text message (38) to the recipient'"'"'s mobile phone (44) which has an authentication code (38) which the recipient (12) uses to establish identity and retrieve the confidential portion (24) of the email message (14) from the secure store (30). The secure store (30) emails the originator with notification (60) when the recipient (12) retrieves the secure portion (24) of the email message (14).

57 Citations

View as Search Results

22 Claims

1. A method for secure electronic communication of an email message from an originator to a recipient, said method comprising the steps of:
- said originator removing a security sensitive portion of the message;
  
  said originator employing a first network connection to send the removed portion to an externally accessible store, said externally accessible store being operative to grant access to said stored removed portion upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;
  
  said originator employing email to send the residue of the message, along with one, only, of the two factors and notification that said removed portion is in said store, via an external Internet connection to said recipient;
  
  said originator employing a second external network connection to send another, only, of the two factors to said recipient separately from the one factor;
  
  said recipient receiving said one of the two factors and said notification by said email and said recipient receiving said another of the two factors, by said second external network, separately from said email;
  
  said recipient accessing said external store; and
  
  said recipient employing a third external network connection to provide said externally accessible store with the necessary two factor authentication comprising said reference code and said authentication code and for said store to grant external access to said removed portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 20, 22)
- - 2. A method, according to claim 1, wherein said first network connection includes at least one of:
    - a secure Internet connection;
      
      a secure Internet connection using encryption;
      
      a secure Internet connection including a Secure Socket Layer (SSL);
      
      a secure network connection; and
      
      a secure network connection including encryption.
  - 3. A method, according to claim 1, wherein said second network connection includes connection through a gateway;
    - said gateway comprising at least one of;
      
      a cellular telephone network;
      
      a cellular telephone network selectably operable to send said another only of the two factors to said recipient as a visually readable short message service text message;
      
      a Microsoft Passport network, said method including the step of sending said another only of the two factors via said recipient'"'"'s passport;
      
      a Microsoft Messenger network, said method including the step of sending said another only of the two factors as an instant message;
      
      a pager network, said method including the step of sending said another only of the two factors as a pager message;
      
      a voice network, said method including the step of generating said another only of the two factors as a synthesised voice message; and
      
      a network operative to send said another only of the two factors as Unstructured Supplementary Service Data (USSD).
  - 4. A method, according to claim 2, wherein said second network connection includes connection through a gateway;
    - said gateway comprising at least one of;
      
      a cellular telephone network;
      
      a cellular telephone network selectably operable to send said another only of the two factors to said recipient as a visually readable short message service text message;
      
      a Microsoft Passport network, said method including the step of sending said another only of the two factors via said recipient'"'"'s passport;
      
      a Microsoft Messenger network, said method including the step of sending said another only of the two factors as an instant message;
      
      a pager network, said method including the step of sending said another only of the two factors as a pager message;
      
      a voice network, said method including the step of generating said another only of the two factors as a synthesised voice message; and
      
      a network operative to send said another only of the two factors as Unstructured Supplementary Service Data (USSD).
  - 5. A method, according to claim 1 wherein said third network connection includes at least one of:
    - a secure Internet connection from a web browser connecting via an encrypted link to a web server;
      
      a secure Internet connection from a web browser connecting via the URL HTTPS;
      
      a secure Internet connection from a web browser connecting via a Secure Socket layer (SSL) to a web server;
      
      a secure Internet connection from a web browser connecting via Transport Layer Security (TLS) to a web server; and
      
      a secure Internet connection from a mobile device'"'"'s Wireless Access Protocol (WAP) browser connecting to a WAP gateway.
  - 6. A method, according to claim 2 wherein said third network connection includes at least one of:
    - a secure Internet connection from a web browser connecting via an encrypted link to a web server;
      
      a secure Internet connection from a web browser connecting via the URL HTTPS;
      
      a secure Internet connection from a web browser connecting via a Secure Socket layer (SSL) to a web server;
      
      a secure Internet connection from a web browser connecting via Transport Layer Security (TLS) to a web server; and
      
      a secure Internet connection from a mobile device'"'"'s Wireless Access Protocol (WAP) browser connecting to a WAP gateway.
  - 7. A method, according to claim 3 wherein said third network connection includes at least one of:
    - a secure Internet connection from a web browser connecting via an encrypted link to a web server;
      
      a secure Internet connection from a web browser connecting via the URL HTTPS;
      
      a secure Internet connection from a web browser connecting via a Secure Socket layer (SSL) to a web server;
      
      a secure Internet connection from a web browser connecting via Transport Layer Security (TLS) to a web server; and
      
      a secure Internet connection from a mobile device'"'"'s Wireless Access Protocol (WAP) browser connecting to a WAP gateway.
  - 8. A method, according to claim 4 wherein said third network connection includes at least one of:
    - a secure Internet connection from a web browser connecting via an encrypted link to a web server;
      
      a secure Internet connection from a web browser connecting via the URL HTTPS;
      
      a secure Internet connection from a web browser connecting via a Secure Socket layer (SSL) to a web server;
      
      a secure Internet connection from a web browser connecting via Transport Layer Security (TLS) to a web server; and
      
      a secure Internet connection from a mobile device'"'"'s Wireless Access Protocol (WAP) browser connecting to a WAP gateway.
  - 9. A method, according to claim 1, wherein said authentication code is uniquely generated for each stored portion.
  - 10. A method, according to claim 1, including the step of providing the originator'"'"'s identity along with said authentication code.
  - 11. A method, according to claim 1, wherein said store is operative to generate at least a portion of said authentication code.
  - 12. A method, according to claim 1, including the step of causing said store to send a notification message to said originator when said recipient has gained access to said removed portion.
  - 20. A method of originating secure electronic communication of an email message from an originator to a recipient, for use in the method of claim 1, said method comprising the steps of:
    - said originator removing a security sensitive portion of the message;
      
      said originator employing a first network connection to send the removed portion to an externally accessible store, said externally accessible store being operative to grant access to said stored removed portion upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;
      
      said originator employing email to send the residue of the message, along with one, only, of the two factors and notification that said removed portion is in said store, via an external Internet connection to said recipient; and
      
      said originator employing a second external network connection to send another, only, of the two factors to said recipient separately from the one factor.
  - 22. A method, according to claim 1, wherein said one factor comprises the authentication code and said another factor comprises the reference code.

13. A system for secure electronic communication of an email message from an originator to a recipient, said system comprising:
- a message splitter operative to split the email message between a first email message and a second message, removing at least a security sensitive portion of the email message to make the second message;
  
  a second message sender for sending the second message, comprising the removed portion, via a first network connection to an external externally accessible store, said externally accessible store being operative to grant access to said stored removed portion upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;
  
  a sender for sending one, only, of the two factors to said recipient via a second, external network connection;
  
  a first email message sender for sending the first email message, comprising the residue of the message, along with another, only, of the two factors and notification that said removed portion is in said externally accessible store, via an external Internet connection, to said recipient;
  
  accessing means for said recipient to access said externally accessible store; and
  
  a third network connection for said recipient to provide said externally accessible store with said two factor authentication comprising said reference code and said authentication code for said externally accessible store to grant external access to said removed portion.
- View Dependent Claims (14, 15, 16, 17, 21)
- - 14. A system, according to claim 13, wherein said first network connection includes at least one of:
    - a secure Internet connection;
      
      a secure Internet connection using encryption;
      
      a secure Internet connection including a Secure Socket Layer (SSL);
      
      a secure network connection; and
      
      a secure network connection including encryption.
  - 15. A system, according to claim 13, wherein said second network connection includes connection through a gateway;
    - said gateway comprising at least one of;
      
      a cellular telephone network;
      
      a cellular telephone network selectably operable to send said another only of the two factors to said recipient as a visually readable short message service text message;
      
      a Microsoft Passport network operative to carry said another only of the two factors via said recipient'"'"'s passport;
      
      a Microsoft Messenger network operative to carry said another only of the two factors as an instant message;
      
      a pager network operative to carry said another only of the two factors as a pager message;
      
      a voice network operative to carry said another only of the two factors as a synthesised voice message; and
      
      a network operative to carry said authentication code as Unstructured Supplementary Service Data (USSD).
  - 16. A system, according to claim 14, wherein said second network connection includes connection through a gateway;
    - said gateway comprising at least one of;
      
      a cellular telephone network;
      
      a cellular telephone network selectably operable to send said another only of the two factors to said recipient as a visually readable short message service text message;
      
      a Microsoft Passport network operative to carry said another only of the two factors via said recipient'"'"'s passport;
      
      a Microsoft Messenger network operative to carry said another only of the two factors as an instant message;
      
      a pager network operative to carry said another only of the two factors as a pager message;
      
      a voice network operative to carry said another only of the two factors as a synthesised voice message; and
      
      a network operative to carry said another only of the two factors as Unstructured Supplementary Service Data (USSD).
  - 17. A system, according to any of claims 13 to 16 wherein said third network connection includes at least one of:
    - a secure Internet connection from a web browser connecting via an encrypted link to a web server;
      
      a secure Internet connection from a web browser connecting via the URL HTTPS;
      
      a secure Internet connection from a web browser connecting via a Secure Socket layer (SSL) to a web server;
      
      a secure Internet connection from a web browser connecting via Transport Layer Security (TLS) to a web server; and
      
      a secure Internet connection from a mobile device'"'"'s Wireless Access Protocol (WAP) browser connecting to a WAP gateway.
  - 21. A system for originating secure electronic communication of an email message from an originator to a recipient, for use in the system of claim 13, said system comprising:
    - a message splitter operative to remove at least a security sensitive portion of the message;
      
      a removed portion sender for sending the removed portion via a first network connection to an externally accessible store, said externally accessible store being operative to grant access to said stored removed portion upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;
      
      an email message sender for sending the residue of the message along with one, only, of the two factors and notification that said removed portion is in said store, via an external Internet connection to said recipient; and
      
      a sender for sending another, only, of the two factors to said recipient via a second, external network connection.

18. A method for secure electronic communication of an email message with a security sensitive portion from an originator to a recipient, said method comprising the steps of:
- said originator removing the security sensitive portion of the message;
  
  providing a first network connection and an externally accessible store operative to grant access to the removed portion of the message upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;
  
  said originator employing said first network connection to send the removed portion of the message to the external store, said originator employing email to send a residue of the message, along with one, only, of the two factors and a notification that the removed portion is in said store, via an external Internet connection to said recipient;
  
  said originator providing a second external network connection and employing said second network connection to send another, only, of the two factors to said recipient separately from the one factor;
  
  said recipient receiving said one of the two factors and said notification by said email and said recipient receiving said another of the two factors, by said second external network, separately from said email;
  
  said recipient accessing said externally accessible store; and
  
  said recipient providing a third network connection and employing said third network connection to provide said externally accessible store with the two factor authentication comprising said reference code and said authentication code for said externally accessible store to grant access to the removed portion.

19. A system for secure electronic communication of an email message with a security sensitive portion from an originator to a recipient, said system comprising:
- a message splitter for removing at least a security sensitive portion of the message;
  
  a removed portion sender for sending the removed portion to an externally accessible store via a first network connection, said externally accessible store being operative to grant access to said removed portion upon presentation of a two factor authentication, the two factors comprising an authentication code and a reference code;
  
  an email message sender for sending one, only of the two factors together with a residue of the message, with notification that said removed portion is in said store, via an external Internet connection to said recipient;
  
  a sender for sending another, only, of the two factors to said recipient, separately from the one factor, via a second, external network connection;
  
  accessing means operable by said recipient for accessing said externally accessible store; and
  
  a third network connection operable by said recipient for providing said externally accessible store with said two factor authentication comprising said reference code and said authentication code for said externally accessible store to grant external access to said removed portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurEnvoy Ltd. (Shearwater Group Plc)
Original Assignee
Andrew Christopher Kemshall
Inventors
Kemshall, Andrew Christopher
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US10/886,152
Publication Number

US 20060020799A1
Time in Patent Office

2,849 Days
Field of Search

713/170
US Class Current

713/170
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/083   using passwords cryptograph...

H04L 63/166   at the transport layer

Secure messaging

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure messaging

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links