Business to business secure mail

US 8,447,976 B2
Filed: 06/01/2009
Issued: 05/21/2013
Est. Priority Date: 06/01/2009
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure mail, the method comprising:

receiving, at a recipient device, a protected message from a sender device associated with a first organization, wherein the recipient device is associated with a second organization, and wherein the first and second organizations are different;

requesting a receiving user token from a trust broker, wherein requesting the receiving user token comprises submitting a list of two or more email aliases associated with the receiving user token, wherein the two or more email aliases are federated with the trust broker;

submitting the receiving user token to an authorization server associated with the sender device;

receiving a user license issued by the authorization server; and

decrypting the protected message using the user license.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.

Citations

20 Claims

1. A method for providing secure mail, the method comprising:
- receiving, at a recipient device, a protected message from a sender device associated with a first organization, wherein the recipient device is associated with a second organization, and wherein the first and second organizations are different;
  
  requesting a receiving user token from a trust broker, wherein requesting the receiving user token comprises submitting a list of two or more email aliases associated with the receiving user token, wherein the two or more email aliases are federated with the trust broker;
  
  submitting the receiving user token to an authorization server associated with the sender device;
  
  receiving a user license issued by the authorization server; and
  
  decrypting the protected message using the user license.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - prior to requesting the receiving user token from the trust broker, determining whether the message protection is associated with another organization; and
      
      in response to determining that the message protection is associated with another organization, receiving a local user license to decrypt the protected message from an authorization server associated with the another organization.
  - 3. The method of claim 1, further comprising federating the first and the second organizations with the trust broker prior to requesting the receiving user token.
  - 4. The method of claim 1, wherein the protected message comprises at least one accepted trust broker.
  - 5. The method of claim 1, wherein the protected message comprises an authorization allowing decryption of the message by a pipeline agent.
  - 6. The method of claim 1, further comprising notifying the sender device when the user license is issued by the authorization server associated with the sender device.
  - 7. The method of claim 1, wherein the protected message comprises a network location for the authorization server associated with the sender device.
  - 8. The method of claim 1, wherein the user license prohibits the protected message from being sent to at least one other recipient.
  - 9. The method of claim 1, further comprising:
    - receiving a list of authorized recipients associated with the protected message;
      
      determining whether the list of authorized recipients includes a user submitting the receiving user token to the authorization server associated with the sender device; and
      
      in response to determining that the list of authorized recipients does not include the user submitting the receiving user token to the authorization server associated with the sender device, refusing to issue the user license.
  - 10. The method of claim 1, further comprising:
    - receiving a list of authorized recipients associated with the protected message;
      
      determining whether the list of authorized recipients includes a receiving user requesting the receiving user token from the trust broker; and
      
      in response to determining that the list of authorized recipients does not include the receiving user requesting the receiving user token from the trust broker, refusing to issue the receiving user token.
  - 11. The method of claim 1, further comprising:
    - receiving no response from the authorization server associated with the sender device;
      
      caching the authorization server in a list of unavailable authorization servers;
      
      receiving a second protected message from a sending organization associated with the unavailable authorization server; and
      
      discarding the second protected message.

12. A computer readable storage medium storing a set of instructions that when executed by a processor, cause the processor to perform a method, the method comprising:
- receiving, by a first device associated with a first user who is associated with a receiving organization, a protected message from a second device associated with a second user who is associated with a sending organization, wherein the protected message comprises a list of authorized recipients, wherein the receiving organization is different from the sending organization;
  
  determining whether the first user is included in the list of authorized recipients;
  
  in response to determining that the first user is included in the list of authorized recipients, requesting a user token from a trust broker, wherein requesting the user token from the trust broker comprises submitting a list of two or more email aliases, wherein the two or more email aliases are federated with the trust broker;
  
  submitting the user token to an authorization server associated with the sending organization;
  
  receiving a user license from the authorization server associated with the sending organization; and
  
  using the received user license to decrypt the protected message for the first user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer readable storage medium of claim 12, wherein the receiving organization and the sending organization have federated with the trust broker.
  - 14. The computer readable storage medium of claim 12, further comprising decrypting the message for access by a pipeline agent.
  - 15. The computer readable storage medium of claim 12, wherein the protected message comprises a network location for the authorization server associated with the sending organization.
  - 16. The computer readable storage medium of claim 12, further comprising:
    - receiving no response from the authorization server associated with the sending organization; and
      
      creating a negative cache entry identifying the authorization server associated with the sending organization as unavailable.
  - 17. The computer readable storage medium of claim 16, further comprising:
    - receiving a second protected message from a third device associated with a third user who is associated with the sending organization;
      
      identifying the authorization server associated with the sending organization as unavailable according to the negative cache entry; and
      
      discarding the second protected message.
  - 18. The computer readable storage medium of claim 12, wherein two or more email aliases are associated with the first user.
  - 19. The computer readable storage medium of claim 18, wherein requesting the user token further comprises requesting a user token associated with at least one of the two or more email aliases from the trust broker.

20. A system for providing secure mail between organizations, the system comprising:
- a memory storage; and
  
  a processing unit coupled to the memory storage, wherein the processing unit is operativeto;
  
  receive, by a first device associated with a first user who is associated with a receiving organization, a protected message from a second device associated with a second user who is associated with a sending organization, wherein the protected message comprises a list of authorized recipients, wherein the receiving organization and the sending organization are different;
  
  determine whether the receiving organization comprises a rights certificate associated with the sending organization;
  
  in response to determining that the receiving organization does not comprise a rights certificate associated with the sending organization;
  
  request an organization token from a trust broker,send the organization token to an authorization server associated with the sending organization,receive the rights certificate associated with the sending organization, and cache the rights certificate associated with the sending organization;
  
  determine whether the first user is included in the list of authorized recipients;
  
  in response to determining that the first user is included in the list of authorized recipients, request a user token from a trust broker, wherein the request includes submitting a list of two or more email aliases associated with the user token, wherein the two or more email aliases are federated with the trust broker;
  
  send the user token to the authorization server associated with the sending organization;
  
  receive a user license from the authorization server associated with the sending organization;
  
  decrypt the protected message for the first user using the rights certificate and the user license; and
  
  enforce at least one restriction associated with the protected message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Jain, Chandresh K., Mehta, Mayank, Byrum, Frank D., Banti, Edward, Koman, Ayse Yesim, Nelte, Michael A., Barnes, Christopher, Zhang, Hao, Boctor, Victor, Patel, Tejas D., Zhong, Yuhui, Kostal, Gregory, Yarmolenko, Vladimir, Kamat, Pankaj M., Fulay, Amit K., Karamfilov, Krassimir E., Knibb, James R.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US12/476,049
Publication Number

US 20100306535A1
Time in Patent Office

1,450 Days
Field of Search

726/4, 713/168
US Class Current

713/168
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 2209/125   Parallelization or pipelini...

H04L 63/0823   using certificates cryptogr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Business to business secure mail

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Business to business secure mail

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links