Systems and methods for controlling email access

US 9,813,390 B2
Filed: 08/22/2016
Issued: 11/07/2017
Est. Priority Date: 12/06/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device to ensure security of email attachments, comprising code that:

accesses an email sent to a client device from at least one email service, the email comprising an email attachment;

identifies a rule associated with the email, the rule specifying that the email attachment must be removed from the email prior to displaying the email to the recipient;

removes the email attachment from the email in accordance with the rule;

encrypts, without user interaction, the removed email attachment with a cryptographic key accessible to a secure container application, the secure container application being provided separately from an email application used to access the email;

generates an encrypted email attachment from the email attachment using the cryptographic key accessible to the secure container application; and

modifies the email to include the encrypted email attachment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys.

Citations

20 Claims

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device to ensure security of email attachments, comprising code that:
- accesses an email sent to a client device from at least one email service, the email comprising an email attachment;
  
  identifies a rule associated with the email, the rule specifying that the email attachment must be removed from the email prior to displaying the email to the recipient;
  
  removes the email attachment from the email in accordance with the rule;
  
  encrypts, without user interaction, the removed email attachment with a cryptographic key accessible to a secure container application, the secure container application being provided separately from an email application used to access the email;
  
  generates an encrypted email attachment from the email attachment using the cryptographic key accessible to the secure container application; and
  
  modifies the email to include the encrypted email attachment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-readable medium of claim 1, wherein the code further:
    - creates the rule using an access control service for a group of client devices; and
      
      activates the rule when the e-mail is sent to a client device within the group of client devices.
  - 3. The computer-readable medium of claim 2, wherein the code further provides a key used to decrypt the encrypted email attachment only to the secure container application, when the rule is activated.
  - 4. The computer-readable medium of claim 2, wherein, when the email is sent to a client device that is not within the group of client devices, the rule is not activated, and the e-mail is sent with the e-mail attachment without encryption.
  - 5. The computer-readable medium of claim 1, wherein the client device:
    - receives the email with the encrypted attachment;
      
      identifies a key used to decrypt the encrypted attachment, the key being provided from a remote service; and
      
      decrypts the encrypted email attachment using the key.
  - 6. The computer-readable medium of claim 1, wherein the email application comprises a native email application.

7. A method for ensuring security of email attachments, comprising:
- accessing an email sent to a client device from at least one email service, the email comprising an email attachment;
  
  identifying a rule associated with the email, the rule specifying that the email attachment must be removed from the email prior to displaying the email to the recipient;
  
  removing the email attachment from the email in accordance with the rule;
  
  encrypting, without user interaction, the removed email attachment with a cryptographic key accessible to a secure container application, the secure container application being provided separately from an email application used to access the email;
  
  generating an encrypted email attachment from the email attachment using the cryptographic key accessible to the secure container application; and
  
  modifying the email to include the encrypted email attachment.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, further comprising:
    - creating the rule using an access control service for a group of client devices; and
      
      activating the rule when the e-mail is sent to a client device within the group of client devices.
  - 9. The method of claim 8, further comprising:
    - when the rule is activated, providing a key used to decrypt the encrypted email attachment to only the secure container application.
  - 10. The method of claim 8, wherein, when the email is sent to a client device that is not within the group of client devices, the rule is not activated, and the e-mail is sent with the e-mail attachment without encryption.
  - 11. The method of claim 7, wherein the client device:
    - receives the email with the encrypted attachment;
      
      identifies a key used to decrypt the encrypted attachment, the key being provided from a remote service; and
      
      decrypts the encrypted email attachment using the key.
  - 12. The method of claim 7, wherein the email application comprises a native email application.
  - 13. The method of claim 7, further comprising restricting sharing of the encrypted email attachment from the secure container application with other applications.

14. A system for ensuring security of email attachments, comprising:
- a transmitting device comprising a processor and a memory configured to transmit an email;
  
  a receiving device comprising a processor and a memory configured to receive the email;
  
  an email delivery device that facilitates transmitting the email from the transmitting device to the receiving device, wherein the transmitting device, the receiving device, or the email delivery service;
  
  accesses an email sent to the receiving device, the email comprising an email attachment;
  
  identifies a rule associated with the email, the rule specifying that the email attachment must be removed from the email prior to displaying the email to the recipient;
  
  removes the email attachment from the email in accordance with the rule;
  
  encrypts, without user interaction, the removed email attachment with a cryptographic key accessible to a secure container application, the secure container application being provided separately from an email application used to access the email;
  
  generates an encrypted email attachment from the email attachment using the cryptographic key accessible to the secure container application; and
  
  modifies the email to include the encrypted email attachment.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, further comprising an access control services configured to:
    - create the rule for a group of receiving devices; and
      
      activate the rule when the e-mail is sent to the receiving device within the group of receiving devices.
  - 16. The system of claim 15, wherein, when the rule is activated, a key used to decrypt the encrypted email attachment is provided only to the secure container application.
  - 17. The system of claim 15, wherein, when the email is sent to a receiving device that is not within the group of receiving devices, the rule is not activated, and the e-mail is sent with the e-mail attachment without encryption.
  - 18. The system of claim 14, wherein the receiving device is further configured to:
    - receive the email with the encrypted attachment;
      
      identify a key used to decrypt the encrypted attachment; and
      
      decrypt the encrypted email attachment using the key.
  - 19. The system of claim 14, wherein the email application comprises a native email application.
  - 20. The system of claim 14, further comprising restricting sharing of the encrypted email attachment from the secure container application with other applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Dabbiere, Alan, Stuntebeck, Erich, Brannon, Jonathan Blake
Primary Examiner(s)
Eskandarnia, Arvin

Application Number

US15/242,752
Publication Number

US 20170041299A1
Time in Patent Office

442 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/08   Annexed information, e.g. a...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/20   for managing network securi...

Systems and methods for controlling email access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for controlling email access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links