Secure E-mail messaging system
First Claim
1. A secure e-mail messaging system comprising:
- an e-mail relay server coupled to a secure client configured on a secure domain and an external client configured on an external domain, the e-mail relay server having a memory for storage of an actual address of the secure client, a first certificate associated with the actual address, an alias address associated with the actual address, and a second certificate associated with the alias address, the actual address including domain structure information of the secure domain, the first certificate including a public key of the actual address and a private key of the alias address, and the second certificate including a public key of the alias address and a private key of the external client, the e-mail relay server operable to;
receive an e-mail message comprising the alias address as a recipient from the external client, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure domain, the e-mail message being encrypted according to the public key of the alias address and the e-mail message being encrypted according to the private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from the second certificate previously issued to the external client;
decrypt the e-mail message according to the second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client accessible to the e-mail relay server;
replace the alias address with the actual address of the secure client as the recipient to form a modified e-mail message;
encrypt the modified e-mail message according to the public key of the actual address and encrypt the modified e-mail message according to the private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from the first certificate; and
transmit the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.
Abstract
According to one embodiment, a secure e-mail messaging system includes an e-mail relay server coupled to a secure client configured on a secure domain and an external client configured on an external domain. The e-mail relay server has a memory for storage of an actual address of the secure client, a first certificate associated with the actual address, an alias address associated with the actual address, and a second certificate associated with the alias address. The e-mail relay server receives an e-mail message that includes the alias address from the external client and decrypts the e-mail message according to the second certificate. The e-mail messaging server then replaces the alias address with the actual address to form a modified e-mail message, encrypts the modified e-mail message according to the first certificate, and transmits the modified e-mail message to the secure client.
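The relay flow described in the abstract, as an added Go example that is not part of the patent or any implementation of it. It assumes RSA-OAEP and RSA-PSS over a short message in place of certificate-based S/MIME operations; the addresses, the keys, and the names `sealed`, `newKey`, `seal`, `open` and `relay` are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

const alias, actual = "jdoe@partner.example", "jdoe@mail.secure.example" // hypothetical
type sealed struct{ cipher, sig []byte }
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// seal signs msg with the sender's key and encrypts it to the recipient; open reverses both.
func seal(msg string, to *rsa.PublicKey, from *rsa.PrivateKey) (s sealed, err error) {
	h := sha256.Sum256([]byte(msg))
	if s.sig, err = rsa.SignPSS(rand.Reader, from, crypto.SHA256, h[:], nil); err == nil {
		s.cipher, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, []byte(msg), nil)
	}
	return s, err
}

func open(s sealed, me *rsa.PrivateKey, signer *rsa.PublicKey) (string, error) {
	p, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, s.cipher, nil)
	if err != nil {
		return "", err
	}
	h := sha256.Sum256(p)
	return string(p), rsa.VerifyPSS(signer, crypto.SHA256, h[:], s.sig, nil)
}

// relay opens with the alias key, rewrites the recipient, and re-seals inward.
func relay(in sealed, aliasKey *rsa.PrivateKey, ext, secure *rsa.PublicKey) (sealed, error) {
	msg, err := open(in, aliasKey, ext)
	if err != nil || !strings.HasPrefix(msg, "To: "+alias+"\n") {
		return sealed{}, fmt.Errorf("rejected: bad key, signature or recipient")
	}
	return seal(strings.Replace(msg, alias, actual, 1), secure, aliasKey)
}

func main() { // constructed keys: external client, alias, secure client
	ext, _ := newKey()
	al, _ := newKey()
	sec, _ := newKey()
	in, _ := seal("To: "+alias+"\n\nstatus report", &al.PublicKey, ext)
	out, _ := relay(in, al, &ext.PublicKey, &sec.PublicKey)
	fmt.Println(open(out, sec, &al.PublicKey))
}
```

The secure client only ever verifies against the alias key, so the relay is the single point that both learns the plaintext and vouches for the external sender.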
24 Claims
9. A secure e-mail messaging method comprising:
receiving, by a network device, an e-mail message comprising an alias address as a recipient from an external client configured on an external domain, the alias address associated with an actual address of a secure client configured on a secure network, the e-mail message being encrypted according to a public key of the alias address and the e-mail being encrypted according to a private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from a second certificate associated with the alias address, the second certificate previously issued to the external client;
decrypting, by a network device, the e-mail message according to the stored second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client;
replacing, by a network device, the alias address with the actual address of the secure client as the recipient to form a modified e-mail message, the actual address including domain structure information of the secure network, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure network;
encrypting, by a network device, the modified e-mail message according to a public key of the actual address and encrypting the modified e-mail message according to a private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from a stored first certificate associated with the actual address; and
transmitting, by a network device, the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.
17. A non-transitory computer-readable medium having code stored thereon, the code operable, when executed on a computer processor, to perform at least the following:
receive an e-mail message comprising an alias address as a recipient from an external client configured on an external domain, the alias address associated with an actual address of a secure client configured on a secure network, the actual address including domain structure information of the secure network, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure network, the e-mail message being encrypted according to a public key of the alias address and the e-mail being encrypted according to the private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from a second certificate associated with the alias address, the second certificate previously issued to the external client;
decrypt the e-mail message according to the stored second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client;
replace the alias address with the actual address of the secure client as the recipient to form a modified e-mail message;
encrypt the modified e-mail message according to a public key of the actual address and encrypt the modified e-mail message according to a private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from a stored first certificate associated with the actual address; and
transmit the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.
Specification