Identity-based-encryption message management system

US 8,353,023 B2
Filed: 09/30/2011
Issued: 01/08/2013
Est. Priority Date: 12/22/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of processing incoming email messages to an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of recipients and wherein the gateway, private key generator, and recipients are connected by the network, the method comprising:

receiving an encrypted email message for a recipient in the organization with the gateway;

with the gateway, using recipient credential information to request a private key of the recipient from the private key generator;

using the recipient credential information at the private key generator to determine whether the gateway is authorized to obtain the requested private key, and, if the gateway is authorized, generating the requested private key in real time;

providing the private key that has been generated by the private key generator to the gateway; and

at the gateway, using the private key to decrypt the email message.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for managing email are provided. Some of the email may be encrypted using identity-based-encryption (IBE) techniques. When an incoming IBE-encrypted message for a recipient in an organization is received by a gateway at the organization, the gateway may request an IBE private key from an IBE private key generator. The IBE private key generator may generate the requested IBE private key for the gateway. The gateway may use an IBE decryption engine to decrypt the incoming message. The decrypted message can be scanned for viruses and spam and delivered to the recipient. Outgoing email messages can also be processed. If indicated by message attributes or information provided by a message sender, an outgoing message can be encrypted using an IBE encryption engine and the IBE public key of a desired recipient.

25 Citations

View as Search Results

19 Claims

1. A method of processing incoming email messages to an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of recipients and wherein the gateway, private key generator, and recipients are connected by the network, the method comprising:
- receiving an encrypted email message for a recipient in the organization with the gateway;
  
  with the gateway, using recipient credential information to request a private key of the recipient from the private key generator;
  
  using the recipient credential information at the private key generator to determine whether the gateway is authorized to obtain the requested private key, and, if the gateway is authorized, generating the requested private key in real time;
  
  providing the private key that has been generated by the private key generator to the gateway; and
  
  at the gateway, using the private key to decrypt the email message.
- View Dependent Claims (2, 3)
- - 2. The method defined in claim 1 wherein the gateway has an identity-based-encryption (IBE) decryption engine and wherein using the private key to decrypt the email message comprises using the IBE decryption engine to decrypt the email message at the gateway.
  - 3. The method defined in claim 1 wherein the gateway is connected to the Internet by a firewall, the method further comprising receiving the encrypted email message with the gateway through the firewall.

4. A method of processing email messages in an organization, wherein the organization has a network, a gateway, a private key generator, and a plurality of recipients and wherein the gateway, private key generator, and recipients are connected by the network, the method comprising:
- receiving an encrypted email message for a recipient in the organization with the gateway;
  
  with the gateway, using recipient credential information to request a private key of the recipient from the private key generator;
  
  at the gateway, receiving the private key from the private key generator; and
  
  at the gateway, using the private key to decrypt the email message.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 5. The method defined in claim 4 wherein the gateway has an identity-based-encryption (IBE) decryption engine and wherein using the private key to decrypt the email message comprises using the IBE decryption engine to decrypt the email message at the gateway.
  - 6. The method defined in claim 4 wherein the gateway is connected to the Internet by a firewall, the method further comprising receiving the encrypted email message with the gateway through the firewall.
  - 7. The method defined in claim 4 further comprising:
    - at the gateway, scanning the decrypted email message for viruses to produce a scanned version of the email message; and
      
      providing the scanned email message from the gateway to the recipient.
  - 8. The method defined in claim 7 further comprising:
    - processing the decrypted email message at the gateway to determine whether to edit the email message; and
      
      if it is determined that the email message is to be edited, using a message editor at the gateway to edit the email message.
  - 9. The method defined in claim 8 wherein processing the decrypted email message at the gateway to determine whether to edit the email message comprises determining that the email message includes an attachment that contains a virus and wherein using the message editor at the gateway to edit the email message comprises removing the attachment.
  - 10. The method defined in claim 7 further comprising:
    - processing the decrypted email message at the gateway to determine whether to generate a notification; and
      
      if it is determined that a notification is to be generated, using the gateway to generate the notification.
  - 11. The method defined in claim 10 wherein processing the decrypted email message at the gateway to determine whether to generate a notification comprises determining that the email message includes an attachment that contains a virus and wherein using the gateway to generate the notification comprises generating an alarm.
  - 12. The method defined in claim 4 further comprising:
    - processing the decrypted email message at the gateway to determine whether to generate a notification; and
      
      if it is determined that a notification is to be generated, using the gateway to generate the notification.
  - 13. The method defined in claim 12 wherein processing the decrypted email message at the gateway to determine whether to generate a notification comprises processing the decrypted email message at the gateway to determine whether the email message violates an organizational policy and wherein using the gateway to generate the notification comprises sending a notification message to an appropriate party that identifies the organizational policy violation.
  - 14. The method defined in claim 12 wherein processing the decrypted email message at the gateway to determine whether to generate a notification comprises processing the decrypted email message at the gateway to determine whether the email message contains a sensitive document as an attachment.
  - 15. The method defined in claim 4 further comprising:
    - processing the decrypted email message at the gateway to determine whether to edit the email message; and
      
      if it is determined that the email message is to be edited, using a message editor at the gateway to edit the email message.
  - 16. The method defined in claim 15 wherein processing the decrypted email message at the gateway to determine whether to edit the email message comprises determining that the email message includes sensitive information and wherein using the message editor at the gateway to edit the email message comprises removing the sensitive information.
  - 17. The method defined in claim 4 further comprising:
    - processing the decrypted email message at the gateway to determine whether to archive the email message; and
      
      if it is determined that the email message is to be archived, using a database controller to save a copy of the email message in a database of the organization.
  - 18. The method defined in claim 17 wherein processing the decrypted email message at the gateway to determine whether to archive the email message comprises determining that the email message includes a virus and wherein using the database controller to save the copy of the email message in the database of the organization comprises saving a copy of the email message that includes the virus.
  - 19. The method defined in claim 17 wherein processing the decrypted email message at the gateway to determine whether to archive the email message comprises determining that at least one condition is satisfied, wherein the at least one condition is selected from the group consisting of:
    - the email message contains a particular type of data, the email message contains patient data, the email contains medical data, the email message originated from a particular sender, the email message originated from a physician, the recipient that the email message is destined to is a particular recipient, and the recipient that the email message is destined to is a patient, and wherein using the database controller to save the copy of the email message in the database of the organization comprises saving of copy of the email message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Spies, Terence, Appenzeller, Guido
Primary Examiner(s)
Lipman, Jacob

Application Number

US13/250,950
Publication Number

US 20120023571A1
Time in Patent Office

466 Days
Field of Search

726/12
US Class Current

726/12
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 9/3073   involving pairings, e.g. id...

Identity-based-encryption message management system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Identity-based-encryption message management system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others