Processing encrypted electronic documents

US 8,631,227 B2
Filed: 10/15/2007
Issued: 01/14/2014
Est. Priority Date: 10/15/2007
Status: Active Grant

First Claim

Patent Images

1. A data processing system, comprising:

a computer configured to receive and process electronic documents directed to one or more users;

a key server coupled to the computer and configured to store decryption data associated with one or more users, groups or domains;

a quarantine coupled to the computer;

electronic document processing logic coupled to the computer and to the quarantine and when executed operable to;

identify an encrypted electronic document received at the computer;

determine whether the key server stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted electronic document;

in response to determining that the key server stores particular decryption data of a document recipient and that can decrypt the encrypted electronic document;

first, retrieve the particular decryption data of the document recipient from the key server;

second, decrypt the electronic document using the particular decryption data of the document recipient and retrieved from the key server;

third, scan the electronic document to identify specified content in the electronic document to determine whether the specified content contains malicious elements;

fourth, encrypt the scanned document using the particular decryption data retrieved from the key server; and

fifth, perform one or more responsive actions based on the specified content;

in response to determining that the key server does not store particular decryption data of a document recipient and that can decrypt the encrypted electronic document;

first, store the electronic document in the quarantine;

second, notify one of the users;

third, receive from the one of the users the particular decryption data of the document recipient;

fourth, decrypt the electronic document using the particular decryption data of the document recipient and received from the one of the users;

fifth, scan the electronic document to identify specified content in the electronic document to determine whether the specified content contains malicious elements;

sixth, encrypt the scanned document using the particular decryption data received from the one of the users; and

seventh, perform one or more responsive actions based on the specified content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Electronic document processing logic coupled to a computer and to a quarantine is operable to identify an encrypted electronic document received at the computer; determine whether the key server stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted electronic document; in response to determining that the key server does not store particular decryption data that can decrypt the encrypted electronic document: store the electronic document in the quarantine; notify one of the users; receive from the one of the users the particular decryption data; decrypt the electronic document; scan the electronic document to identify specified content in the electronic document; and perform one or more responsive actions based on the specified content. As a result, encrypted content in documents or e-mail can be decrypted, scanned for viruses, malware, or prohibited content, and re-encrypted or delivered.

54 Citations

View as Search Results

26 Claims

1. A data processing system, comprising:
- a computer configured to receive and process electronic documents directed to one or more users;
  
  a key server coupled to the computer and configured to store decryption data associated with one or more users, groups or domains;
  
  a quarantine coupled to the computer;
  
  electronic document processing logic coupled to the computer and to the quarantine and when executed operable to;
  
  identify an encrypted electronic document received at the computer;
  
  determine whether the key server stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted electronic document;
  
  in response to determining that the key server stores particular decryption data of a document recipient and that can decrypt the encrypted electronic document;
  
  first, retrieve the particular decryption data of the document recipient from the key server;
  
  second, decrypt the electronic document using the particular decryption data of the document recipient and retrieved from the key server;
  
  third, scan the electronic document to identify specified content in the electronic document to determine whether the specified content contains malicious elements;
  
  fourth, encrypt the scanned document using the particular decryption data retrieved from the key server; and
  
  fifth, perform one or more responsive actions based on the specified content;
  
  in response to determining that the key server does not store particular decryption data of a document recipient and that can decrypt the encrypted electronic document;
  
  first, store the electronic document in the quarantine;
  
  second, notify one of the users;
  
  third, receive from the one of the users the particular decryption data of the document recipient;
  
  fourth, decrypt the electronic document using the particular decryption data of the document recipient and received from the one of the users;
  
  fifth, scan the electronic document to identify specified content in the electronic document to determine whether the specified content contains malicious elements;
  
  sixth, encrypt the scanned document using the particular decryption data received from the one of the users; and
  
  seventh, perform one or more responsive actions based on the specified content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the electronic document is an electronic mail message.
  - 3. The system of claim 1, wherein the electronic document is an instant message.
  - 4. The system of claim 1, wherein the specified content is selected from the group consisting of:
    - one or more viruses;
      
      one or more malicious content elements;
      
      one or more elements of content that are prohibited according to a policy.
  - 5. The system of claim 1, wherein the responsive actions are selected from the group consisting of:
    - deleting the electronic document;
      
      sending the electronic document to one of the users;
      
      sending the electronic document to an administrator or other user;
      
      archiving the electronic document;
      
      sending the electronic document to another system;
      
      archiving the electronic document in decrypted form; and
      
      modifying the electronic document.
  - 6. The system of claim 1, wherein the decryption data is selected from the group consisting of:
    - one or more decryption keys;
      
      one or more decryption credentials.
  - 7. The system of claim 1, wherein the key server comprises a Pretty Good Privacy (PGP) key server or a public key infrastructure (PKI) certificate authority.
  - 8. The system of claim 1, wherein the computer is a message processing gateway.
  - 9. The system of claim 1, wherein the computer comprises a message processing gateway and a mail relay.
  - 10. The system of claim 1, wherein the electronic document processing logic is in the computer.
  - 11. The system of claim 1, wherein the electronic document processing logic when executed is operable to receive the encrypted electronic document over hypertext transfer protocol (HTTP).

12. A data processing system, comprising:
- an e-mail relay configured to receive and process e-mails directed to one or more users;
  
  a key server coupled to the e-mail relay and configured to store decryption data associated with one or more users, groups or domains;
  
  a message quarantine coupled to the e-mail relay;
  
  e-mail processing logic coupled to the e-mail relay and to the message quarantine and when executed operable to;
  
  identify an encrypted e-mail received at the e-mail relay;
  
  determine whether the key server stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted e-mail;
  
  in response to determining that the key server stores particular decryption data of a document recipient and that can decrypt the encrypted e-mail;
  
  first, retrieve the particular decryption data of the document recipient from the key server;
  
  second, decrypt the e-mail using the particular decryption data of the document recipient and retrieved from the key server;
  
  third, scan the e-mail to identify specified content in the e-mail to determine whether the specified content contains malicious elements;
  
  fourth, encrypt the scanned document using the particular decryption data retrieved from the key server; and
  
  fifth, perform one or more responsive actions based on the specified content;
  
  in response to determining that the key server does not store particular decryption data of a document recipient and that can decrypt the encrypted e-mail;
  
  first, store the e-mail in the message quarantine;
  
  second, notify one of the users;
  
  third, receive from the one of the users the particular decryption data of the document recipient;
  
  fourth, decrypt the e-mail using the particular decryption data of the document recipient and received from the one of the users;
  
  fifth, scan the e-mail to identify specified content in the e-mail to determine whether the specified content contains malicious elements;
  
  sixth, encrypt the scanned document using the particular decryption data received from the one of the users; and
  
  seventh, perform one or more responsive actions based on the specified content.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12, wherein the specified content is selected from the group consisting of:
    - one or more viruses;
      
      one or more malicious content elements;
      
      one or more elements of content that are prohibited according to a policy.
  - 14. The system of claim 12, wherein the responsive actions are selected from the group consisting of:
    - deleting the electronic document;
      
      sending the electronic document to the one of the users;
      
      sending the electronic document to an administrator or other user;
      
      archiving the electronic document;
      
      sending the electronic document to another system;
      
      archiving the electronic document in decrypted form; and
      
      modifying the electronic document.
  - 15. The system of claim 12, wherein the decryption data is selected from the group consisting of:
    - one or more decryption keys;
      
      one or more decryption credentials.
  - 16. The system of claim 12, wherein the key server comprises a Pretty Good Privacy (PGP) key server or a public key infrastructure (PKI) certificate authority.
  - 17. The system of claim 12, wherein the computer is any of a message processing gateway, and a combination of a message processing gateway and a mail relay.
  - 18. The system of claim 12, wherein the e-mail processing logic is in the computer.

19. A non-transitory computer-readable data storage medium encoded with one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform:
- receiving and processing electronic documents directed to one or more users;
  
  establishing a quarantine in memory;
  
  identifying an encrypted electronic document received at a computer;
  
  determining whether a key server, which is configured to store decryption data associated with one or more users, groups or domains, stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted electronic document;
  
  in response to determining that the key server stores particular decryption data of a document recipient and that can decrypt the encrypted electronic document;
  
  first, retrieving the particular decryption data of the document recipient from the key server;
  
  second, decrypting the electronic document using the particular decryption data of the document recipient and retrieved from the key server;
  
  third, scanning the electronic document to identify specified content in the electronic document to determine whether the specified content contains malicious elements;
  
  fourth, encrypting the scanned document using the particular decryption data retrieved from the key server; and
  
  fifth, performing one or more responsive actions based on the specified content;
  
  in response to determining that the key server does not store particular decryption data of a document recipient and that can decrypt the encrypted electronic document;
  
  first, storing the electronic document in the quarantine;
  
  second, notifying one of the users;
  
  third, receiving from the one of the users the particular decryption data of the document recipient;
  
  fourth, decrypting the electronic document using the particular decryption data of the document recipient and received from the one of the users;
  
  fifth, scanning the electronic document to identify specified content in the electronic document to determine whether the specified content contains malicious elements;
  
  sixth, encrypting the scanned document; and
  
  seventh, performing one or more responsive actions based on the specified content.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The computer-readable medium of claim 19, wherein the electronic document is an electronic mail message.
  - 21. The computer-readable medium of claim 19, wherein the electronic document is an instant message.
  - 22. The computer-readable medium of claim 19, wherein the specified content is selected from the group consisting of:
    - one or more viruses;
      
      one or more malicious content elements;
      
      one or more elements of content that are prohibited according to a policy.
  - 23. The computer-readable medium of claim 19, wherein the responsive actions are selected from the group consisting of:
    - deleting the electronic document;
      
      sending the electronic document to the one of the users;
      
      sending the electronic document to an administrator or other user;
      
      archiving the electronic document;
      
      sending the electronic document to another system;
      
      archiving the electronic document in decrypted form; and
      
      modifying the electronic document.
  - 24. The computer-readable medium of claim 19, wherein the decryption data is selected from the group consisting of:
    - one or more decryption keys;
      
      one or more decryption credentials.
  - 25. The computer-readable medium of claim 19, wherein the key server comprises a Pretty Good Privacy (PGP) key server or a public key infrastructure (PKI) certificate authority.
  - 26. The computer-readable medium of claim 19, wherein the one or more processors is in a message processing gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Olechowski, Scott, Eldridge, Shawn, Ullman, Cayce
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US11/872,561
Publication Number

US 20090097662A1
Time in Patent Office

2,283 Days
Field of Search

713/152, 713/153, 713/169, 380/286, 726/1, 726/14, 726/24, 726/30, 726/28, 709/206
US Class Current

713/153
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/1441   Countermeasures against mal...

Processing encrypted electronic documents

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Processing encrypted electronic documents

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links