Secure message delivery using a trust broker
First Claim
1. A computer-implemented method for securely sending an email message from a first organization to a second organization over an unsecured network, the method comprising:
- receiving, by an email server of the first organization, an email message from a client computer of a sender associated with the first organization;
identifying, by the email server of the first organization, an email server of a second organization associated with a recipient of the email message;
sending, by the email server of the first organization, a request to a federation server configured to act as a trust broker between the first organization and the second organization, wherein the request identifies the email server of the first organization and requests a token for securely sending the email message to the email server of the second organization;
receiving, by the email server of the first organization, a response to the request from the federation server, the response including a symmetric key and an encrypted token that contains the symmetric key, wherein the encrypted token can only be opened by the email server of the second organization with a private key of the second organization; and
using, by the email server of the first organization, the symmetric key and the encrypted token received from the federation server to secure and send the email message to the email server of the second organization over the unsecured network.
2 Assignments
0 Petitions
Accused Products
Abstract
An email security system is described that allows users within different organizations to securely send email to one another. The email security system provides a federation server on the Internet or other unsecured network accessible by each of the organizations. Each organization provides identity information to the federation server. When a sender in one organization sends a message to a recipient in another organization, the federation server provides the sender'"'"'s email server with a secure token for encrypting the message to provide secure delivery over the unsecured network.
-
Citations
20 Claims
-
1. A computer-implemented method for securely sending an email message from a first organization to a second organization over an unsecured network, the method comprising:
-
receiving, by an email server of the first organization, an email message from a client computer of a sender associated with the first organization; identifying, by the email server of the first organization, an email server of a second organization associated with a recipient of the email message; sending, by the email server of the first organization, a request to a federation server configured to act as a trust broker between the first organization and the second organization, wherein the request identifies the email server of the first organization and requests a token for securely sending the email message to the email server of the second organization; receiving, by the email server of the first organization, a response to the request from the federation server, the response including a symmetric key and an encrypted token that contains the symmetric key, wherein the encrypted token can only be opened by the email server of the second organization with a private key of the second organization; and using, by the email server of the first organization, the symmetric key and the encrypted token received from the federation server to secure and send the email message to the email server of the second organization over the unsecured network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-readable storage device that does not consist of a signal, the computer-readable storage device storing computer-executable instructions that, when executed, cause a computer system to perform a method comprising:
-
receiving an email message from a client computer of a sender associated with a first organization; identifying an email server of a second organization associated with a recipient of the email message; sending a request to a federation server configured to act as a trust broker between the first organization and the second organization, wherein the request identifies the computer system and requests a token for securely sending the email message to the email server of the second organization; receiving a response to the request from the federation sever, the response including a symmetric key and an encrypted token that contains the symmetric key, wherein the encrypted token can only be opened by the email server of the second organization with a private key of the second organization; and using the symmetric key and the encrypted token received from the federation server to secure and send the email message to the email server of the second organization over an unsecured network. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computer system comprising:
-
a processor configured to execute computer-executable instructions; and memory storing computer-executable instructions that, when executed by the processor, cause the computer system to perform a method comprising; receiving an email message from a client computer of a sender associated with a first organization; identifying an email server of a second organization associated with a recipient of the email message; sending a request to a federation server configured to act as a trust broker between the first organization and the second organization, wherein the request identifies the computer system and requests a token for securely sending the email message to the email server of the second organization; receiving a response to the request from the federation sever, the response including a symmetric key and an encrypted token that contains the symmetric key, wherein the encrypted token can only be opened by the email server of the second organization with a private key of the second organization; and using the symmetric key and the encrypted token received from the federation server to secure and send the email message to the email server of the second organization over an unsecured network. - View Dependent Claims (20)
-
Specification