Secure E-mail messaging system

US 8,359,357 B2
Filed: 07/21/2008
Issued: 01/22/2013
Est. Priority Date: 07/21/2008
Status: Active Grant

First Claim

Patent Images

1. A secure e-mail messaging system comprising:

an e-mail relay server coupled to a secure client configured on a secure domain and an external client configured on an external domain, the e-mail relay server having a memory for storage of an actual address of the secure client, a first certificate associated with the actual address, an alias address associated with the actual address, and a second certificate associated with the alias address, the actual address including domain structure information of the secure domain, the first certificate including a public key of the actual address and a private key of the alias address, and the second certificate including a public key of the alias address and a private key of the external client, the e-mail relay server operable to;

receive an e-mail message comprising the alias address as a recipient from the external client, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure domain, the e-mail message being encrypted according to the public key of the alias address and the e-mail message being encrypted according to the private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from the second certificate previously issued to the external client;

decrypt the e-mail message according to the second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client accessible to the e-mail relay server;

replace the alias address with the actual address of the secure client as the recipient to form a modified e-mail message;

encrypt the modified e-mail message according to the public key of the actual address and encrypt the modified e-mail message according to the private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from the first certificate; and

transmit the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a secure e-mail messaging system includes an e-mail relay server coupled to a secure client configured on a secure domain and an external client configured on an external domain. The e-mail relay server has a memory for storage of an actual address of the secure client, a first certificate associated with the actual address, an alias address associated with the actual address, and a second certificate associated with the alias address. The e-mail relay server receives an e-mail message that includes the alias address from the external client and decrypts the e-mail message according to the second certificate. The e-mail messaging server then replaces the alias address with the actual address to form a modified e-mail message, encrypts the modified e-mail message according to the first certificate, and transmits the modified e-mail message to the secure client.

Citations

24 Claims

1. A secure e-mail messaging system comprising:
- an e-mail relay server coupled to a secure client configured on a secure domain and an external client configured on an external domain, the e-mail relay server having a memory for storage of an actual address of the secure client, a first certificate associated with the actual address, an alias address associated with the actual address, and a second certificate associated with the alias address, the actual address including domain structure information of the secure domain, the first certificate including a public key of the actual address and a private key of the alias address, and the second certificate including a public key of the alias address and a private key of the external client, the e-mail relay server operable to;
  
  receive an e-mail message comprising the alias address as a recipient from the external client, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure domain, the e-mail message being encrypted according to the public key of the alias address and the e-mail message being encrypted according to the private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from the second certificate previously issued to the external client;
  
  decrypt the e-mail message according to the second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client accessible to the e-mail relay server;
  
  replace the alias address with the actual address of the secure client as the recipient to form a modified e-mail message;
  
  encrypt the modified e-mail message according to the public key of the actual address and encrypt the modified e-mail message according to the private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from the first certificate; and
  
  transmit the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The secure e-mail messaging system of claim 1, wherein the e-mail relay server is further operable to:
    - receive another e-mail message comprising the actual address from the secure client;
      
      encrypt the another e-mail message according to the first certificate;
      
      replace the actual address with the alias address to form another modified e-mail message;
      
      encrypt the another modified e-mail message according to the second certificate; and
      
      transmit the another modified e-mail message to the external client.
  - 3. The secure e-mail messaging system of claim 1, wherein the e-mail relay server is operable to decrypt the e-mail message according to the second certificate by decrypting the e-mail message according to a private key of the alias address.
  - 4. The secure e-mail messaging system of claim 1, wherein the secure domain comprises a secure network having a security level that differs from the security level of the external domain.
  - 5. The secure e-mail messaging system of claim 1, wherein the first certificate is isolated from the external domain and wherein the second certificate is isolated from the secure domain.
  - 6. The secure e-mail messaging system of claim 1, further comprising a guard node coupled to the e-mail relay server, the guard node operable to verify the e-mail message according to a plurality of rules.
  - 7. The secure e-mail messaging system of claim 6, wherein the guard node is operable to verify the first e-mail message by searching the body portion for instances of one of a plurality of key phrases or one of a plurality of keywords and if found, restrict the e-mail relay server from transmitting the modified e-mail message.
  - 8. The secure e-mail messaging system of claim 1, wherein e-mail relay server is coupled to the secure client through a domain gateway, the domain gateway operable to compartment information transmitted from the secure domain to the external domain.

9. A secure e-mail messaging method comprising:
- receiving, by a network device, an e-mail message comprising an alias address as a recipient from an external client configured on an external domain, the alias address associated with an actual address of a secure client configured on a secure network, the e-mail message being encrypted according to a public key of the alias address and the e-mail being encrypted according to a private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from a second certificate associated with the alias address, the second certificate previously issued to the external client;
  
  decrypting, by a network device, the e-mail message according to the stored second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client;
  
  replacing, by a network device, the alias address with the actual address of the secure client as the recipient to form a modified e-mail message, the actual address including domain structure information of the secure network, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure network;
  
  encrypting, by a network device, the modified e-mail message according to a public key of the actual address and encrypting the modified e-mail message according to a private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from a stored first certificate associated with the actual address; and
  
  transmitting, by a network device, the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The secure e-mail messaging method of claim 9, further comprising:
    - receiving another e-mail message comprising the actual address from the secure client;
      
      encrypting the another e-mail message according to the first certificate;
      
      replacing the actual address with the alias address to form another modified e-mail message;
      
      encrypting the another modified e-mail message according to the second certificate, and transmitting the another modified e-mail message to the external client.
  - 11. The secure e-mail messaging method of claim 9, wherein decrypting the e-mail message according to the second certificate further comprises:
    - decrypting the e-mail message according to a private key of the alias address.
  - 12. The secure e-mail messaging method of claim 9, wherein the external domain has a security level that differs from the security level of the secure domain.
  - 13. The secure e-mail messaging method of claim 9, wherein the first certificate is isolated from the external domain.
  - 14. The secure e-mail messaging method of claim 9, further comprising:
    - verifying the e-mail message according to a plurality of rules.
  - 15. The secure e-mail messaging method of claim 14, wherein verifying the e-mail message according to the plurality of rules comprises:
    - searching the body portion for instances of one of a plurality of key phrases or one of a plurality of keywords and if found, restricting an e-mail relay server receiving the e-mail message from transmitting the modified e-mail message.
  - 16. The secure e-mail messaging method of claim 9, further comprising:
    - compartmenting information that is transmitted from the secure domain to the external domain.

17. A non-transitory computer-readable medium having code stored thereon, the code operable, when executed on a computer processor, to perform at least the following:
- receive an e-mail message comprising an alias address as a recipient from an external client configured on an external domain, the alias address associated with an actual address of a secure client configured on a secure network, the actual address including domain structure information of the secure network, the alias address comprising a local part and domain structure information of the external domain, both the local part and the domain structure information of the external domain of the alias address being devoid of the domain structure information of the secure network, the e-mail message being encrypted according to a public key of the alias address and the e-mail being encrypted according to the private key of the external client for a first signature, the public key of the alias address and the private key of the external client being extracted from a second certificate associated with the alias address, the second certificate previously issued to the external client;
  
  decrypt the e-mail message according to the stored second certificate, the decrypting including verifying whether the e-mail message has the first signature of the external client, the verifying including decrypting the e-mail message according to a public key of the external client;
  
  replace the alias address with the actual address of the secure client as the recipient to form a modified e-mail message;
  
  encrypt the modified e-mail message according to a public key of the actual address and encrypt the modified e-mail message according to a private key of the alias address for a second signature, the public key of the actual address and the private key of the alias address being extracted from a stored first certificate associated with the actual address; and
  
  transmit the modified e-mail message to the secure client as encrypted according to the public key of the actual address and signed according to the private key of the alias address.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The non-transitory computer-readable medium of claim 17, the code further operable, when executed on the computer processor, to:
    - receive another e-mail message comprising the actual address from the secure client;
      
      encrypt the another e-mail message according to the first certificate;
      
      replace the actual address with the alias address to form another modified e-mail message;
      
      encrypt the another modified e-mail message according to the second certificate and transmit the another modified e-mail message to the external client.
  - 19. The non-transitory computer-readable medium of claim 17, the code further operable, when executed on the computer processor, to:
    - decrypt the e-mail message according to a private key of the alias address.
  - 20. The non-transitory computer-readable medium of claim 17, wherein the external domain has a security level that differs from the security level of the secure domain.
  - 21. The non-transitory computer-readable medium of claim 17, wherein the first certificate is isolated from the external domain.
  - 22. The non-transitory computer-readable medium of claim 17, the code further operable, when executed on the computer processor, to:
    - verify the e-mail message according to a plurality of rules.
  - 23. The non-transitory computer-readable medium of claim 22, wherein to verify the e-mail message according to the plurality of rules comprises:
    - searching the body portion for instances of one of a plurality of key phrases or one of a plurality of keywords and if found, restricting an e-mail relay server receiving the e-mail message from transmitting the modified e-mail message.
  - 24. The non-transitory computer-readable medium of claim 17, the code further operable, when executed on the computer processor, to:
    - compartment information that is transmitted from the secure domain to the external domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Francisco Partners Management LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Rodriguez, Ricardo J., Visaria, Jay J., Oberai, Tina A., Farley, Thomas D., Stahl, Noah Z., Pippins, Jerry L. Jr.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
NASH, LASHANYA RENEE

Application Number

US12/176,935
Publication Number

US 20100017598A1
Time in Patent Office

1,646 Days
Field of Search

713/150, 713153-156, 709204-207, 726/27, 726/30
US Class Current

709/206
CPC Class Codes

H04L 51/48 Message addressing, e.g. ad...

Secure E-mail messaging system

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure E-mail messaging system

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links