E-mail firewall with policy-based cryptosecurity

US 9,838,358 B2
Filed: 08/06/2014
Issued: 12/05/2017
Est. Priority Date: 07/24/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A messaging firewall for restricting transmission of messages entering into or originating from within an organization having a plurality of individual users in accordance with a plurality of policies selectable by an administrator of the messaging firewall, said messaging firewall comprising:

a messaging relay, implemented at least partially on one or more hardware processors, for causing said messages entering into or originating from within the organization to be transmitted; and

a plurality of policy managers, responsive to said messaging relay, for enforcing the administrator selectable policies,said policies comprising at least a source/destination policy, at least a content policy and at least a virus policy, said policies being applicable to groups of users, said policy managers comprising;

an access manager for restricting the transmission of messages in accordance with said source/destination policy, wherein said source/destination policy includes an access policy that prohibits messages addressed to a destination electronic mail address from being sent to the destination electronic mail address, and wherein said source/destination policy includes a plain text access policy that requires the messaging firewall to be designated as a recipient on messages of a first type;

a content manager for restricting transmission of messages in accordance with said content policy;

a virus manager for restricting transmission of messages in accordance with said virus policy; and

a security manager for enforcing a client security usage policy that specifies that encryption, signature, or encryption and signature should be applied to a policy specified subset of sender users and messages, wherein the policy specified subset of sender users includes a first sender user, but not a second sender user, and wherein the security manager encrypts, adds a signature, or encrypts and adds a signature to a message originating from the first sender user, but not to a message originating from the second sender user,each of said messages comprising at least one recipient address, the firewall transmitting a message to said at least one recipient address in response to a predetermined policy result of a policy manager.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An e-mail firewall applies policies to e-mail messages between a first site and second sites in accordance with administrator selectable policies. The firewall includes a simple mail transfer protocol relay for causing the e-mail messages to be transmitted between the first site and selected ones of the second sites. Policy managers enforce-administrator selectable policies relative to one or more of encryption and decryption, signature, source/destination, content and viruses.

31 Citations

View as Search Results

19 Claims

1. A messaging firewall for restricting transmission of messages entering into or originating from within an organization having a plurality of individual users in accordance with a plurality of policies selectable by an administrator of the messaging firewall, said messaging firewall comprising:
- a messaging relay, implemented at least partially on one or more hardware processors, for causing said messages entering into or originating from within the organization to be transmitted; and
  
  a plurality of policy managers, responsive to said messaging relay, for enforcing the administrator selectable policies,said policies comprising at least a source/destination policy, at least a content policy and at least a virus policy, said policies being applicable to groups of users, said policy managers comprising;
  
  an access manager for restricting the transmission of messages in accordance with said source/destination policy, wherein said source/destination policy includes an access policy that prohibits messages addressed to a destination electronic mail address from being sent to the destination electronic mail address, and wherein said source/destination policy includes a plain text access policy that requires the messaging firewall to be designated as a recipient on messages of a first type;
  
  a content manager for restricting transmission of messages in accordance with said content policy;
  
  a virus manager for restricting transmission of messages in accordance with said virus policy; and
  
  a security manager for enforcing a client security usage policy that specifies that encryption, signature, or encryption and signature should be applied to a policy specified subset of sender users and messages, wherein the policy specified subset of sender users includes a first sender user, but not a second sender user, and wherein the security manager encrypts, adds a signature, or encrypts and adds a signature to a message originating from the first sender user, but not to a message originating from the second sender user,each of said messages comprising at least one recipient address, the firewall transmitting a message to said at least one recipient address in response to a predetermined policy result of a policy manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 19)
- - 2. The messaging firewall of claim 1, wherein the security manager further applies a proxy encryption and signature policy to the messages on behalf of a policy specified subset of users.
  - 3. The messaging firewall of claim 1, wherein said policy managers further comprise a format manager, responsive to said administrator selectable policies, for converting said messages from a first format to a second format.
  - 4. The messaging firewall of claim 1, wherein said messages are formatted into a plurality of fields comprising a source field, a destination field, subject field, and a message field.
  - 5. The messaging firewall of claim 4, wherein said access manager is responsive to said source/destination policy specified for each of said fields of said messages.
  - 6. The messaging firewall of claim 5, wherein said messages are further characterized by a size field and wherein said access manager is responsive to said source/destination policy specified for said size field.
  - 7. The messaging firewall of claim 5, wherein said messages are further characterized by a date and time field and wherein said access manager is responsive to said source/destination policy specified for said date and time field.
  - 8. The messaging firewall of claim 5, wherein said content manager is responsive, in accordance with said content policy, to information contained in said subject field and in said message field.
  - 9. The messaging firewall of claim 1, wherein said virus manager is responsive to messages containing compressed information for detecting viruses contained in said compressed information.
  - 10. The messaging firewall of claim 1, wherein the message relay is configured to relay messages to at least one administrator specified messaging host.
  - 11. The messaging firewall of claim 1, wherein the virus manager applies policies on clean messages that have been scanned for a virus and have been found to be free of viruses.
  - 12. The messaging firewall of claim 11, wherein the virus manager annotates the clean messages with a clean stamp annotation to indicate that no viruses were detected.
  - 13. The messaging firewall of claim 1, wherein said policies further comprise a plurality of administrator selectable criteria, a plurality of administrator selectable exceptions to said criteria, and a plurality of administrator selectable actions associated with said criteria and exceptions.
  - 14. The messaging firewall of claim 1, wherein the firewall transmits the message originating from the first sender user to said at least one recipient address in response to the predetermined policy result of the policy manager.
  - 19. The messaging firewall of claim 1, wherein messages of the first type are encrypted messages, and the access manager sends a public key of the message firewall to the first sender user of the message by sending a signed notification to the first sender user.

15. A method of restricting transmission of messages entering into or originating from within an organization having a plurality of individual users in accordance with a plurality of policies selectable by an administrator of a messaging firewall, said method comprising:
- enforcing, by one or more processors, one or more administrator selectable policies, said policies comprising at least a source/destination policy, at least a content policy and at least a virus policy, said policies being applicable to groups of users, said source/destination policy including an access policy that prohibits messages addressed to a destination electronic mail address from being sent to the destination electronic mail address, and said source/destination policy including a plain text access policy that requires the messaging firewall to be designated as a recipient on messages of a first type;
  
  enforcing a client security usage policy that specifies that encryption, signature, or encryption and signature should be applied to a policy specified subset of sender users and messages, each of said messages comprising at least one recipient address, wherein the policy specified subset of sender users includes a first sender user, but not a second sender user, and wherein the encryption, signature, or encryption and signature is applied to a message originating from the first sender user, but not to a message originating from the second sender user; and
  
  transmitting a message to said at least one recipient address in response to a predetermined policy result.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - restricting the transmission of messages in accordance with said source/destination policy.
  - 17. The method of claim 15, further comprising:
    - restricting transmission of messages in accordance with said content policy.
  - 18. The method of claim 15, further comprising:
    - restricting transmission of messages in accordance with said virus policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Axway Incorporated (Axway Software SA)
Original Assignee
Axway Incorporated (Axway Software SA)
Inventors
Dickinson, III, Robert D., Krishnamurthy, Sathvik
Primary Examiner(s)
Lanier, Benjamin
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US14/453,441
Publication Number

US 20140351883A1
Time in Patent Office

1,217 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 51/063   Content adaptation, e.g. re...

H04L 51/212   using filtering or selectiv...

H04L 51/224   providing notification on i...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

E-mail firewall with policy-based cryptosecurity

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

E-mail firewall with policy-based cryptosecurity

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links