Securing email conversations

US 9,560,020 B2
Filed: 01/06/2015
Issued: 01/31/2017
Est. Priority Date: 09/28/2011
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

determine that at least a portion of a transmission of a first email to be sent from a first email account associated with a first mail server to at least a second email account associated with at least one second mail server is to be secured;

change a first reply-to address in the first email to a substitute reply-to address, wherein the first reply-to address corresponds to the second email account and the substitute reply-to address corresponds to an intermediate device, wherein replies to the first email, directed to the second email account, are to be sent over one or more secure channels to the intermediate device to secure transmission of the replies to the second email server for delivery to the second email account based on the changed reply-to address, wherein the substitute reply-to address comprises a domain portion to direct replies to the intermediate device and a local portion to indicate the second email account, and the local portion comprises an encoding of at least a portion of an address of the second email account to abstract the address of the second email account; and

send the first email with the substitute reply-to address to the second email account over a secure channel.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least a portion of a transmission of an outgoing first email from a first email account to at least a second email account is encrypted. Second email address data is changed corresponding to the second email account to cause replies to the first email intended for the second email account to be sent to an intermediate device prior to being routed to the second email account. Replies to the first email are then sent to the intermediate device and sent over one or more encrypted channels. Replies to the first email including the changed email address data are decoded to identify the second email address data associated with the second email account. A reply to the first email is then sent to the second email account based on the identified second email address data.

Citations

19 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- determine that at least a portion of a transmission of a first email to be sent from a first email account associated with a first mail server to at least a second email account associated with at least one second mail server is to be secured;
  
  change a first reply-to address in the first email to a substitute reply-to address, wherein the first reply-to address corresponds to the second email account and the substitute reply-to address corresponds to an intermediate device, wherein replies to the first email, directed to the second email account, are to be sent over one or more secure channels to the intermediate device to secure transmission of the replies to the second email server for delivery to the second email account based on the changed reply-to address, wherein the substitute reply-to address comprises a domain portion to direct replies to the intermediate device and a local portion to indicate the second email account, and the local portion comprises an encoding of at least a portion of an address of the second email account to abstract the address of the second email account; and
  
  send the first email with the substitute reply-to address to the second email account over a secure channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The storage medium of claim 1, wherein the first email is determined to be secured by encrypting transmission of the first email.
  - 3. The storage medium of claim 2, wherein the one or more secure channels comprise encrypted channels.
  - 4. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to generate the substitute reply-to address.
  - 5. The storage medium of claim 1, wherein the address of the second email account is to be deciphered by the intermediate device from the encoding.
  - 6. The storage medium of claim 1, wherein the encoding comprises a hash of at least a portion of the address of the second email account.
  - 7. The storage medium of claim 1, wherein the encoding comprises an encryption of at least a portion of the address of the second email account.
  - 8. The storage medium of claim 1, wherein determining that at least a portion of the transmission of the first email is to be secured comprises scanning contents of the first email to determine that a particular policy applies to the first email, wherein the portion of the transmission of the first email is to be encrypted according to the particular policy.
  - 9. The storage medium of claim 1, wherein the first email is to be sent to both the second email account and at least a third email account, and the instructions when executed further cause the machine to:
    - change a second reply-to address in the first email to a second substitute reply-to address, wherein the second reply-to address corresponds to the third email account and the second substitute reply-to address corresponds to the intermediate network device and indicates an address of the third email account, wherein replies to the first email, directed to the third email account, are to be sent over one or more secure channels to the intermediate device to secure transmission of the replies to the third email account based on the second substitute reply-to address; and
      
      send the first email with the substitute reply-to address to the third email account over a corresponding secure channel.
  - 10. The storage medium of claim 9, wherein at least some email transmissions are not secured between the second server and the third server.
  - 11. The storage medium of claim 9, wherein the instructions, when executed, further cause the machine to:
    - receive at least one copy of a reply to the previously-sent first email from the second email account, the at least one copy including the second substitute reply-to address corresponding to the third email account;
      
      decode at least a portion of the second substitute reply-to address corresponding to identify the address associated with the third email account; and
      
      cause the at least one copy to be forwarded to the third email account over a secured communication channel.
  - 12. The storage medium of claim 9, wherein the instructions, when executed, further cause the machine to receive the first email from an email client for transmission to the at least the second email account.
  - 13. The storage medium of claim 1, wherein the intermediate device is independent of the first email server.

14. A method comprising:
- determining that at least a portion of a transmission of a first email to be sent from a first email account associated with a first mail server to at least a second email account associated with at least one second mail server is to be secured;
  
  changing a first reply-to address in the first email to a substitute reply-to address, wherein the first reply-to address corresponds to the second email account and the substitute reply-to address corresponds to an intermediate device, wherein replies to the first email, directed to the second email account, are to be sent over one or more secure channels to the intermediate device to secure transmission of the replies to the second email server for delivery to the second email account based on the changed reply-to address, wherein the substitute reply-to address comprises a domain portion to direct replies to the intermediate device and a local portion to indicate the second email account, and the local portion comprises an encoding of at least a portion of an address of the second email account to abstract the address of the second email account; and
  
  sending the first email with the substitute reply-to address to the second email account over a secure channel.

15. A system comprising:
- an email server comprising;
  
  at least one processor device;
  
  at least one memory element; and
  
  an email security engine, executable to;
  
  determine that at least a portion of a transmission of a first email to be sent from a first email account associated with a first mail server to at least a second email account associated with at least one second mail server is to be secured;
  
  change a first reply-to address in the first email to a substitute reply-to address, wherein the first reply-to address corresponds to the second email account and the substitute reply-to address corresponds to an intermediate device, wherein replies to the first email, directed to the second email account, are to be sent over one or more secure channels to the intermediate device to secure transmission of the replies to the second email server for delivery to the second email account based on the changed reply-to address, wherein the substitute reply-to address comprises a domain portion to direct replies to the intermediate device and a local portion to indicate the second email account, and the local portion comprises an encoding of at least a portion of an address of the second email account to abstract the address of the second email account; and
  
  send the first email with the substitute reply-to address to the second email account over a secure channel.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the email server comprises the first mail server.
  - 17. The system of claim 15, wherein the secure channel comprises an encrypted channel encrypted according to a policy assigned to the first email account.
  - 18. The system of claim 15, further comprising the intermediate device.
  - 19. The system of claim 18, wherein the intermediate device is executable to:
    - receive at least one copy of a reply to the first email from another email account, the at least one copy including the substitute reply-to address corresponding to the second email account;
      
      decoding at least a portion of the substitute reply-to address to identify an address associated with the second email account; and
      
      cause the at least one copy to be forwarded to the second email account over a secured communication channel based on the identified address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Liebmann, Nicholas, McKerrell, Graeme, Neal, Peter
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US14/590,566
Publication Number

US 20150256519A1
Time in Patent Office

756 Days
Field of Search

713/168
US Class Current

1/1
CPC Class Codes

H04L 51/214   using selective forwarding

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

Securing email conversations

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Securing email conversations

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links