Signed ephemeral email addresses

US 9,894,039 B2
Filed: 07/10/2014
Issued: 02/13/2018
Est. Priority Date: 06/22/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system, comprising:

a processor; and

a system memory storing computer-executable instructions that when executed by the processor cause the computer system to;

provision a secret;

receive a friendly name from a user;

generate a hash of the secret and the friendly name;

generate an ephemeral messaging address by concatenating the friendly name, “

friendlyname,”

with a user-defined domain name, “

userdomain,”

to form “

friendlyname@userdomain”

;

sign the ephemeral messaging address with the hash to generate a signed ephemeral messaging address, wherein the signed ephemeral messaging address is generated by including the hash with the ephemeral messaging address to form “

friendlyname-hash@userdomain”

;

provide the signed ephemeral messaging address to the user;

validate, using a network gateway, an incoming message addressed to the signed ephemeral messaging address by comparing the hash of the signed ephemeral messaging address with a signature of the incoming message, wherein the network gateway is configured to look up the secret in an address book to validate the incoming message; and

revoke the secret in response to revocation of the ephemeral messaging address.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to the sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user'"'"'s creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.

Citations

25 Claims

1. A computer system, comprising:
- a processor; and
  
  a system memory storing computer-executable instructions that when executed by the processor cause the computer system to;
  
  provision a secret;
  
  receive a friendly name from a user;
  
  generate a hash of the secret and the friendly name;
  
  generate an ephemeral messaging address by concatenating the friendly name, “
  
  friendlyname,”
  
  with a user-defined domain name, “
  
  userdomain,”
  
  to form “
  
  friendlyname@userdomain”
  
  ;
  
  sign the ephemeral messaging address with the hash to generate a signed ephemeral messaging address, wherein the signed ephemeral messaging address is generated by including the hash with the ephemeral messaging address to form “
  
  friendlyname-hash@userdomain”
  
  ;
  
  provide the signed ephemeral messaging address to the user;
  
  validate, using a network gateway, an incoming message addressed to the signed ephemeral messaging address by comparing the hash of the signed ephemeral messaging address with a signature of the incoming message, wherein the network gateway is configured to look up the secret in an address book to validate the incoming message; and
  
  revoke the secret in response to revocation of the ephemeral messaging address.
- View Dependent Claims (2, 3)
- - 2. The computer system of claim 1, wherein the ephemeral messaging address is provisioned prior to receiving the friendly name.
  - 3. The computer system of claim 1, the computer-executable instructions further causing the computer system to:
    - concatenate the secret with the friendly name to form “
      
      secret-friendlyname”
      
      prior to generating the hash; and
      
      generate the ephemeral messaging address by concatenating the secret with the friendly name and with the user-defined domain name to form “
      
      secret-friendlyname@userdomain”
      
      .

4. A computer-implemented messaging system, comprising:
- a signing component configured to;
  
  receive a name from a user;
  
  generate an encrypted string of a secret;
  
  generate a temporary message address by concatenating the name, “
  
  name,”
  
  with a user-defined domain name, “
  
  userdomain,”
  
  to form “
  
  name@userdomain”
  
  ;
  
  sign the temporary message address with the encrypted string to create a signed temporary message address, wherein the signed temporary message address is generated by including the encrypted string with the temporary message address to form “
  
  name-encryptedstring@userdomain”
  
  ;
  
  return the signed temporary message address to the user; and
  
  revoke the secret in response to revocation of the temporary message address;
  
  an address book of a network gateway configured to store the temporary message address and the secret;
  
  a validation component of the network gateway configured to validate an incoming message directed to the signed temporary message address by comparing the encrypted string of the signed temporary message address with a signature of the incoming message to determine whether the signature includes the encrypted string, wherein the network gateway is configured to look up the secret in the address book to validate the incoming message; and
  
  at least one hardware processor configured to execute computer-executable instructions in at least one memory associated with the signing component, the address book, and the validation component.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The system of claim 4, wherein the signing component generates a single secret for each user and multiple temporary message addresses are generated using the single secret.
  - 6. The system of claim 4, wherein the signing component generates a plurality of secrets for each user and multiple temporary message addresses are generated that correspond to the plurality of secrets.
  - 7. The system of claim 4, wherein the signing component returns the signed temporary message address, which comprises a user identifier, “
    - ID”
      
      , the name, and the encrypted string that includes the secret that are concatenated to form “
      
      ID-name-encryptedstring@userdomain”
      
      .
  - 8. The system of claim 7, wherein the encrypted string is derived from an operation on a combination of the secret and the name.
  - 9. The system of claim 4, wherein the validation component further comprises a restriction component configured to restrict incoming messages to messages having the temporary message address signed with the secret and the user-defined domain name.

10. A computer-implemented method of messaging, comprising acts of:
- receiving a name from a user;
  
  generating a temporary message address by concatenating the name, “
  
  name,”
  
  with a user-defined domain name, “
  
  userdomain,” and
  
  a top level domain name, “
  
  topleveldomain,”
  
  to form “
  
  name@userdomain.topleveldomain”
  
  ;
  
  propagating the temporary message address for the user and a secret to an address book of a network node;
  
  signing the temporary message address with the secret to create a signed temporary message address, wherein the signed temporary message address is generated by including the secret with the temporary message address to form “
  
  name-secret@userdomain.topleveldomain”
  
  ;
  
  returning the signed temporary message address to the user;
  
  looking up, using the network node, at least one of the temporary message address or the secret in the address book based on receipt of an incoming message directed to the signed temporary message address;
  
  validating, using the network node, the incoming message by one of;
  
  confirming the temporary message address is in the address book; and
  
  comparing the secret of the signed temporary message address with a signature of the incoming message; and
  
  revoking the secret in response to revocation of the temporary message address.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising:
    - provisioning the temporary message addresses prior to receiving the name.
  - 12. The method of claim 10, further comprising generating a single secret for each user, and generating a plurality of temporary message addresses using the single secret.
  - 13. The method of claim 10, further comprising generating a plurality of secrets for each user, and generating a plurality of temporary message addresses that correspond to the plurality of secrets.
  - 14. The method of claim 10, further comprising returning a signed message address that comprises a user identifier, “
    - ID”
      
      , the name, and an encrypted string that includes the secret that are concatenated to form “
      
      ID-name-encryptedstring@userdomain.topleveldomain”
      
      .
  - 15. The method of claim 14, further comprising generating the encrypted string by concatenating the secret with the name to generate a hash of the secret and the name.
  - 16. The method of claim 10, further comprising restricting incoming messages to messages having the temporary message address signed with the secret and the user-defined domain name.

17. A computer-readable hardware storage medium comprising instructions that when executed by a hardware processor, cause the hardware processor to perform acts comprising:
- receiving a name from a user;
  
  generating a temporary message address by concatenating the name, “
  
  name,”
  
  with a user-defined domain name, “
  
  userdomain,” and
  
  a top level domain name, “
  
  topleveldomain,”
  
  to form “
  
  name@userdomain.topleveldomain”
  
  ;
  
  propagating the temporary message address for the user and a secret to an address book of a network node;
  
  signing the temporary message address with the secret to create a signed temporary message address, wherein the signed temporary message address is generated by including the secret with the temporary message address to form “
  
  name-secret@userdomain.topleveldomain”
  
  ;
  
  returning the signed temporary message address to the user;
  
  looking up, using the network node, at least one of the temporary message address or the secret in the address book based on receipt of an incoming message directed to the signed temporary message address;
  
  comparing, using the network node, the secret of the temporary message address with a signature of the incoming message to determine whether the signature includes the secret; and
  
  revoking the secret in response to revocation of the temporary message address.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer-readable hardware storage medium of claim 17, further comprising provisioning the temporary message addresses prior to receipt of the name.
  - 19. The computer-readable hardware storage medium of claim 17, further comprising revoking the secret in response to revocation of the temporary message address.
  - 20. The computer-readable hardware storage medium of claim 17, further comprising generating a single secret for each user, and generating a plurality of temporary message addresses using the single secret.
  - 21. The computer-readable hardware storage medium of claim 17, further comprising generating a plurality of secrets for each user, and generating a plurality of temporary message addresses that correspond to the plurality of secrets.
  - 22. The computer-readable hardware storage medium of claim 17, further comprising:
    - returning a signed temporary message address that comprises a user identifier, “
      
      ID”
      
      , the name, and an encrypted string that includes the secret; and
      
      generating the encrypted string by concatenating the secret with the name to generate a hash of the secret and the name.
  - 23. The computer-readable hardware storage medium of claim 17, further comprising restricting incoming messages to messages having the temporary message address signed with the secret and the user-defined domain name.

24. A computer-readable hardware medium comprising computer-executable instructions that when executed by a hardware processor enable a system to:
- receive a name from a user;
  
  provision a secret;
  
  sign the ephemeral address with the secret to generate a signed ephemeral address, wherein the signed ephemeral address is generated by concatenating the name, “
  
  name,” and
  
  the secret, “
  
  secret,”
  
  with a user-defined domain name, “
  
  userdomain,” and
  
  a top level domain name, “
  
  topleveldomain,”
  
  to form “
  
  name-secret@userdomain.topleveldomain”
  
  ;
  
  return the signed ephemeral address to the user;
  
  receive and store the signed ephemeral address and the secret in an address book at a network gateway;
  
  validate, using the network gateway, an incoming message directed to the ephemeral address by at least one of;
  
  confirming the ephemeral address is in the address book; and
  
  comparing the secret of the signed ephemera address with a signature of the incoming message to determine whether the signature includes the secret; and
  
  revoke the secret in response to revocation of the ephemeral address.

25. A computer system, comprising:
- a processor; and
  
  a system memory storing computer-executable instructions that when executed by the processor cause the computer system to;
  
  receive a name from a user;
  
  generate a hash of a secret and the name;
  
  generate a temporary messaging address by concatenating the name, “
  
  name,”
  
  with a user-defined domain name, “
  
  userdomain,” and
  
  a top level domain name, “
  
  topleveldomain,”
  
  to form “
  
  name@userdomain.topleveldomain”
  
  ;
  
  sign the temporary messaging address with the hash to generate a signed temporary messaging address, wherein the signed temporary message address is generated by including the hash with the temporary message address to form “
  
  name-hash@userdomain.topleveldomain”
  
  ;
  
  validate, using a network gateway, an incoming message addressed to the signed temporary messaging address by comparing the hash of the signed temporary messaging address with a signature of the incoming message to determine whether the signature includes the hash, wherein the network gateway is configured to look up the secret in an address book to validate the incoming message; and
  
  revoke the secret in response to revocation of the temporary message address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Salada, Charles R., Neto, Mayerber Carvalho, Chung, Charlie, Mehta, Mayank
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/327,562
Publication Number

US 20140331310A1
Time in Patent Office

1,314 Days
Field of Search

726 12
US Class Current
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 2209/80   Wireless

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0281   Proxies

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

Signed ephemeral email addresses

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Signed ephemeral email addresses

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links