Confidential mail with tracking and authentication

US 9,847,977 B2
Filed: 06/29/2007
Issued: 12/19/2017
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method of verifying that an electronic communication has been received by an intended recipient, the method comprising:

(a) creating a message envelope including at least an encrypted message and a confidential mail token, the encrypted message configured to be decrypted only by server infrastructure of the intended recipient, wherein the decrypted message is forwarded to the intended recipient by the server infrastructure, and wherein the confidential mail token includes a privacy policy bit requiring receipt of a certificate that includes an email address from a recipient of the message envelope;

(b) transmitting the message envelope from a sender to the intended recipient for processing, wherein at least a portion of data within the message envelope is processed to generate a verification return receipt including the certificate that includes the email address of the recipient of the message envelope pursuant to the privacy policy bit forwarded with the confidential mail token;

(c) receiving, by the sender, the verification return receipt including the certificate that includes the email address from the recipient of the message envelope; and

(d) processing the verification return receipt by the sender comparing the email address that was included in the certificate in the verification return receipt received from the recipient of the message envelope to an email address of the intended recipient stored in the confidential mail token to verify that the recipient of the message envelope is the intended recipient, that the message envelope reached the intended recipient and that the message envelope that reached the intended recipient is authentic, wherein in response to verification by the sender that the recipient of the message envelope is the intended recipient as a result of the stored email address of the intended recipient matching the email address received from the recipient, the sender establishing a connection with the recipient'"'"'s server infrastructure and the sender transmitting a session content encryption key to the intended recipient for decrypting the encrypted message within the message envelope previously sent to the server infrastructure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for confidential electronic communication between a sender workstation and a receiver workstation is provided, whereby privacy is guaranteed for the electronic communications transmitted over the public Internet. The method of confidential communication is equipped with message tracking and message receipt verification. The system for implementing the method includes a sender server that creates a session content encryption key along with a message envelope that includes a content encryption key encrypted message and a confidential mail token. The content encryption key is stored securely inside the sender organization'"'"'s system which transmits the message envelope to an intended recipient. The intended recipient processes the message envelope in order to generate a message receipt verification, which is transmitted to the sender. The message receipt verification is processed by the sender server to verify that the message envelope reached the intended recipient. The message receipt verification, which is comprised of the confidential mail token and unique verification data generated by the intended recipient allows the sender server to verify that the message envelope reached the intended receiver and that the message envelope identified as received is authentic. Following verification that the message transmitted by the sender reached the intended receiver and is authorized, the sender transmits the content encryption key to the intended receiver.

19 Citations

View as Search Results

15 Claims

1. A method of verifying that an electronic communication has been received by an intended recipient, the method comprising:
- (a) creating a message envelope including at least an encrypted message and a confidential mail token, the encrypted message configured to be decrypted only by server infrastructure of the intended recipient, wherein the decrypted message is forwarded to the intended recipient by the server infrastructure, and wherein the confidential mail token includes a privacy policy bit requiring receipt of a certificate that includes an email address from a recipient of the message envelope;
  
  (b) transmitting the message envelope from a sender to the intended recipient for processing, wherein at least a portion of data within the message envelope is processed to generate a verification return receipt including the certificate that includes the email address of the recipient of the message envelope pursuant to the privacy policy bit forwarded with the confidential mail token;
  
  (c) receiving, by the sender, the verification return receipt including the certificate that includes the email address from the recipient of the message envelope; and
  
  (d) processing the verification return receipt by the sender comparing the email address that was included in the certificate in the verification return receipt received from the recipient of the message envelope to an email address of the intended recipient stored in the confidential mail token to verify that the recipient of the message envelope is the intended recipient, that the message envelope reached the intended recipient and that the message envelope that reached the intended recipient is authentic, wherein in response to verification by the sender that the recipient of the message envelope is the intended recipient as a result of the stored email address of the intended recipient matching the email address received from the recipient, the sender establishing a connection with the recipient'"'"'s server infrastructure and the sender transmitting a session content encryption key to the intended recipient for decrypting the encrypted message within the message envelope previously sent to the server infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the confidential mail token comprised of a plurality of data fields, wherein a first data field within said plurality of data fields is comprised of data representative of a content encryption key encrypted with a public key of the sender, wherein a second data field within said plurality of data fields is comprised of data representative of a hash of a combination of data representative of the encrypted message encrypted with the content encryption key and data representative of a hash of a message signed with a private key of the sender, wherein a third data field within said plurality of data fields is comprised of data representative of a content encryption key encryption of data representative of the hash of the encrypted message encrypted with the content encryption key.
  - 3. The method of claim 1 wherein the confidential mail token is comprised of a plurality of data fields, wherein a data field within the plurality of data fields includes an encrypted time stamp that facilitates tracking of timing associated with receipt of the transmitted message envelope.
  - 4. The method of claim 1 wherein the verification receipt comprises the confidential mail token, data representative of the email address of the recipient, and a unique data set generated by the recipient, wherein the unique data set is derived from data within the message envelope.
  - 5. The method of claim 1 further comprising, verifying that the electronic communication was received by the intended recipient through processing of data representative of the email address of the recipient and a unique data set generated by the recipient.
  - 6. The method of claim 1 further comprising:
    - (e) creating a session content encryption key for each message session initiated;
      
      (f) the message envelope further comprising at least data representative of;
      
      (i) an encrypted version of the electronic communication, encrypted through use of the session content encryption key; and
      
      (ii) a hashed version of the electronic communication signed with a private key of a sender;
      
      (g) wherein the confidential mail token is comprised of a plurality of data fields including at least data representative of;
      
      (1) an encryption of the session content encryption key;
      
      (2) a hash of a data combination comprising the encrypted version of the electronic communication and the hashed version of the electronic communication signed with the private key of the sender; and
      
      (3) an encryption of data representative of a hash of the encrypted version of the electronic communication, wherein the encryption is performed through the use of the session content encryption key.
  - 7. The method of claim 6 wherein the encryption of the session content encryption key is performed by use of the sender'"'"'s private key.
  - 8. The method of claim 6, wherein verifying that the electronic communication was received by the intended recipient comprises:
    - (a) decrypting the encryption of the session content encryption key and using the session content encryption key to decrypt the encryption of data representative of a hash of the encrypted version of the electronic communication; and
      
      (b) comparing the decrypted data representative of the hash of the encrypted version of the electronic communication to a hash of the encrypted version of the communication generated by the recipient.
  - 9. The method of claim 5 wherein the message envelope further comprises data representative of:
    - (a) a signed hash of the confidential mail token, signed with a sender'"'"'s private key; and
      
      (b) a certificate representative of a sender domain.
  - 10. The method of claim 6 wherein the sender verifies that the electronic communication was received by the intended recipient by:
    - (a) processing the confidential mail token transmitted from the recipient in order to determine the content encryption key;
      
      (b) utilizing the session content encryption key to decrypt the hash of the encrypted version of the electronic communication within the confidential mail token; and
      
      (c) comparing the decrypted hash of the encrypted version of the electronic communication within the confidential mail token with the hash of the encrypted version of the communication transmitted by the recipient.

11. A system for authenticating confidential email communications transmitted from a sender to an intended recipient, the system comprising:
- a sender server configured to create and transmit an electronic message envelope including at least an encrypted message and a confidential mail token, the encrypted message configured to be decrypted only by server infrastructure of the intended recipient, wherein the decrypted message is forwarded to the intended recipient by the server infrastructure of the sender, and wherein the confidential mail token includes a privacy policy bit requiring receipt of a certificate that includes an email address from a recipient of the message envelope;
  
  a verification return receipt including the certificate that includes the email address of the recipient of the message envelope pursuant to the privacy policy bit forwarded with the confidential mail token;
  
  wherein the sender server verifies that the electronic message envelope reached the intended recipient by comparing the email address that was included in the certificate in the verification return receipt received from the recipient of the electronic message to an email address of the intended recipient, wherein in response to the stored email address matching the email address received from the recipient stored in the confidential mail token, verifying that the recipient of the message envelope is the intended recipient, that the electronic message envelope reached the intended recipient, that the message that reached the intended recipient is authentic, and the sender establishing a connection with the intended recipient'"'"'s server infrastructure and the sender transmitting a session content encryption key to the intended recipient for decrypting the encrypted message within the message envelope previously sent to the server infrastructure.
- View Dependent Claims (12)
- - 12. The system of claim 11 wherein the sender server receives a secret identifier comprising a hash of the encrypted message generated by the intended recipient.

13. A computer-readable storage device which stores a set of instructions which when executed performs a method for providing confidential electronic communication with tracking and authentication, the method executed by the set of instructions comprising:
- (a) creating a message envelope including at least an encrypted message and a confidential mail token, the encrypted message configured to be decrypted only by server infrastructure associated with an intended recipient, wherein the decrypted message is forwarded to the intended recipient by the server infrastructure, and wherein the confidential mail token includes a privacy policy bit requiring receipt of a certificate that includes an email address from a recipient of the message envelope;
  
  (b) transmitting the message envelope from a sender to the intended recipient for processing, wherein at least a portion of data within the message envelope is processed to generate a verification return receipt including the certificate that includes the email address of the recipient of the message envelope pursuant to the privacy policy bit forwarded with the confidential mail token;
  
  (c) receiving, by the sender, the verification return receipt including the certificate that includes the email address from the recipient of the message envelope;
  
  (d) processing the verification return receipt by the sender comparing the email address that was included in the certificate in the verification return receipt received from the recipient of the message envelope to an email address of the intended recipient stored in the confidential mail token to verify that the recipient of the message envelope is the intended recipient and that the message envelope reached the intended recipient; and
  
  (e) in response to verifying that the recipient of the message envelope is the intended recipient as a result of the stored email address of the intended recipient matching the email address received from the recipient and that the message envelope that reached the intended recipient is authentic, the sender establishing a connection with the intended recipient'"'"'s server infrastructure and the sender transmitting a session content encryption key to the intended recipient for decrypting the encrypted message within the message envelope previously sent to the server infrastructure.
- View Dependent Claims (14, 15)
- - 14. The computer-readable storage device medium of claim 13 wherein the method executed by the set of instructions further comprises decrypting a first encryption key encrypted time stamp within the verification return receipt.
  - 15. The computer-readable storage device of claim 14 wherein the verification receipt includes a unique data set generated by the intended recipient which is processed to verify that the encrypted message is authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Freeman, Trevor W., Mehta, Mayank, de Souza, Jeremy, Kay, Jeffrey B.
Primary Examiner(s)
Williams, Jeffrey
Assistant Examiner(s)
Debnath, Suman

Application Number

US11/771,971
Publication Number

US 20090006851A1
Time in Patent Office

3,826 Days
Field of Search

713170, 713171, 380 28
US Class Current
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/126   the source of the received ...

H04L 63/166   at the transport layer

Confidential mail with tracking and authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Confidential mail with tracking and authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links