E-mail firewall with policy-based cryptosecurity
First Claim
1. A messaging firewall for restricting transmission of messages entering into or originating from within an organization having a plurality of individual users in accordance with a plurality of policies selectable by an administrator of the messaging firewall, said messaging firewall comprising:
a messaging relay, implemented at least partially on one or more hardware processors, for causing said messages entering into or originating from within the organization to be transmitted; and
a plurality of policy managers, responsive to said messaging relay, for enforcing the administrator selectable policies, said policies comprising at least a source/destination policy, at least a content policy and at least a virus policy, said policies being applicable to groups of users, said policy managers comprising;
an access manager for restricting the transmission of messages in accordance with said source/destination policy, wherein said source/destination policy includes an access policy that prohibits messages addressed to a destination electronic mail address from being sent to the destination electronic mail address, and wherein said source/destination policy includes a plain text access policy that requires the messaging firewall to be designated as a recipient on messages of a first type;
a content manager for restricting transmission of messages in accordance with said content policy;
a virus manager for restricting transmission of messages in accordance with said virus policy; and
a security manager for enforcing a client security usage policy that specifies that encryption, signature, or encryption and signature should be applied to a policy specified subset of sender users and messages, wherein the policy specified subset of sender users includes a first sender user, but not a second sender user, and wherein the security manager encrypts, adds a signature, or encrypts and adds a signature to a message originating from the first sender user, but not to a message originating from the second sender user, each of said messages comprising at least one recipient address, the firewall transmitting a message to said at least one recipient address in response to a predetermined policy result of a policy manager.
Abstract
An e-mail firewall applies policies to e-mail messages between a first site and second sites in accordance with administrator selectable policies. The firewall includes a simple mail transfer protocol relay for causing the e-mail messages to be transmitted between the first site and selected ones of the second sites. Policy managers enforce administrator selectable policies relative to one or more of encryption and decryption, signature, source/destination, content and viruses.
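The policy-manager arrangement described in the abstract and in claim 1, as an added example that is not taken from the patent or any product: it models the access manager (blocked destination, plain text access policy) and the security usage decision for a subset of senders, and leaves out the content and virus managers. The group names, addresses, policy layout and the reading of "messages of a first type" as `text/plain` mail are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed policy data; every group name and address is hypothetical.
GROUPS = {"finance": {"alice@corp.example"}, "staff": {"bob@corp.example"}}
POLICY = {
    "blocked_destinations": {"leaks@rival.example"},  # access policy
    "firewall_address": "fw@corp.example",            # plain text access policy
    "security_usage": {"finance": "encrypt+sign"},    # group -> required action
}

# Constructed sample message.
SAMPLE = "From: Alice <alice@corp.example>\nTo: pat@partner.example, fw@corp.example\n\nhi\n"

def access_manager(recipients, msg):
    """Source/destination check: returns (verdict, reason)."""
    blocked = recipients & POLICY["blocked_destinations"]
    if blocked:
        return "reject", "blocked destination " + ", ".join(sorted(blocked))
    # Assumption: "messages of a first type" is modelled as text/plain mail.
    if msg.get_content_type() == "text/plain" and POLICY["firewall_address"] not in recipients:
        return "reject", "firewall not designated as recipient"
    return "pass", ""

def security_manager(sender):
    """Return the action the usage policy requires for this sender, or None."""
    for group, action in POLICY["security_usage"].items():
        if sender in GROUPS.get(group, ()):
            return action
    return None

def evaluate(raw):
    # Header addresses are used for brevity; a relay would normally
    # evaluate the SMTP envelope (MAIL FROM / RCPT TO) instead.
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(fields) if addr}
    verdict, reason = access_manager(recipients, msg)
    if verdict == "reject":
        return {"deliver": False, "reason": reason, "security": None}
    return {"deliver": True, "reason": "", "security": security_manager(sender)}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

The security action is only returned as a decision; applying S/MIME or PGP to the message is outside this example.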
19 Claims
15. A method of restricting transmission of messages entering into or originating from within an organization having a plurality of individual users in accordance with a plurality of policies selectable by an administrator of a messaging firewall, said method comprising:
enforcing, by one or more processors, one or more administrator selectable policies, said policies comprising at least a source/destination policy, at least a content policy and at least a virus policy, said policies being applicable to groups of users, said source/destination policy including an access policy that prohibits messages addressed to a destination electronic mail address from being sent to the destination electronic mail address, and said source/destination policy including a plain text access policy that requires the messaging firewall to be designated as a recipient on messages of a first type;
enforcing a client security usage policy that specifies that encryption, signature, or encryption and signature should be applied to a policy specified subset of sender users and messages, each of said messages comprising at least one recipient address, wherein the policy specified subset of sender users includes a first sender user, but not a second sender user, and wherein the encryption, signature, or encryption and signature is applied to a message originating from the first sender user, but not to a message originating from the second sender user; and
transmitting a message to said at least one recipient address in response to a predetermined policy result.
Specification