Signed ephemeral email addresses
First Claim
1. A computer system, comprising:
- a processor; and
a system memory storing computer-executable instructions that when executed by the processor cause the computer system to;
provision a secret;
receive a friendly name from a user;
generate a hash of the secret and the friendly name;
generate an ephemeral messaging address by concatenating the friendly name, “
friendlyname,”
with a user-defined domain name, “
userdomain,”
to form “
friendlyname@userdomain”
;
sign the ephemeral messaging address with the hash to generate a signed ephemeral messaging address, wherein the signed ephemeral messaging address is generated by including the hash with the ephemeral messaging address to form “
friendlyname-hash@userdomain”
;
provide the signed ephemeral messaging address to the user;
validate, using a network gateway, an incoming message addressed to the signed ephemeral messaging address by comparing the hash of the signed ephemeral messaging address with a signature of the incoming message, wherein the network gateway is configured to look up the secret in an address book to validate the incoming message; and
revoke the secret in response to revocation of the ephemeral messaging address.
3 Assignments
0 Petitions
Accused Products
Abstract
Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to the sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user'"'"'s creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.
-
Citations
25 Claims
-
1. A computer system, comprising:
-
a processor; and a system memory storing computer-executable instructions that when executed by the processor cause the computer system to; provision a secret; receive a friendly name from a user; generate a hash of the secret and the friendly name; generate an ephemeral messaging address by concatenating the friendly name, “
friendlyname,”
with a user-defined domain name, “
userdomain,”
to form “
friendlyname@userdomain”
;sign the ephemeral messaging address with the hash to generate a signed ephemeral messaging address, wherein the signed ephemeral messaging address is generated by including the hash with the ephemeral messaging address to form “
friendlyname-hash@userdomain”
;provide the signed ephemeral messaging address to the user; validate, using a network gateway, an incoming message addressed to the signed ephemeral messaging address by comparing the hash of the signed ephemeral messaging address with a signature of the incoming message, wherein the network gateway is configured to look up the secret in an address book to validate the incoming message; and revoke the secret in response to revocation of the ephemeral messaging address. - View Dependent Claims (2, 3)
-
-
4. A computer-implemented messaging system, comprising:
-
a signing component configured to; receive a name from a user; generate an encrypted string of a secret; generate a temporary message address by concatenating the name, “
name,”
with a user-defined domain name, “
userdomain,”
to form “
name@userdomain”
;sign the temporary message address with the encrypted string to create a signed temporary message address, wherein the signed temporary message address is generated by including the encrypted string with the temporary message address to form “
name-encryptedstring@userdomain”
;return the signed temporary message address to the user; and revoke the secret in response to revocation of the temporary message address; an address book of a network gateway configured to store the temporary message address and the secret; a validation component of the network gateway configured to validate an incoming message directed to the signed temporary message address by comparing the encrypted string of the signed temporary message address with a signature of the incoming message to determine whether the signature includes the encrypted string, wherein the network gateway is configured to look up the secret in the address book to validate the incoming message; and at least one hardware processor configured to execute computer-executable instructions in at least one memory associated with the signing component, the address book, and the validation component. - View Dependent Claims (5, 6, 7, 8, 9)
-
-
10. A computer-implemented method of messaging, comprising acts of:
-
receiving a name from a user; generating a temporary message address by concatenating the name, “
name,”
with a user-defined domain name, “
userdomain,” and
a top level domain name, “
topleveldomain,”
to form “
name@userdomain.topleveldomain”
;propagating the temporary message address for the user and a secret to an address book of a network node; signing the temporary message address with the secret to create a signed temporary message address, wherein the signed temporary message address is generated by including the secret with the temporary message address to form “
name-secret@userdomain.topleveldomain”
;returning the signed temporary message address to the user; looking up, using the network node, at least one of the temporary message address or the secret in the address book based on receipt of an incoming message directed to the signed temporary message address; validating, using the network node, the incoming message by one of; confirming the temporary message address is in the address book; and comparing the secret of the signed temporary message address with a signature of the incoming message; and revoking the secret in response to revocation of the temporary message address. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A computer-readable hardware storage medium comprising instructions that when executed by a hardware processor, cause the hardware processor to perform acts comprising:
-
receiving a name from a user; generating a temporary message address by concatenating the name, “
name,”
with a user-defined domain name, “
userdomain,” and
a top level domain name, “
topleveldomain,”
to form “
name@userdomain.topleveldomain”
;propagating the temporary message address for the user and a secret to an address book of a network node; signing the temporary message address with the secret to create a signed temporary message address, wherein the signed temporary message address is generated by including the secret with the temporary message address to form “
name-secret@userdomain.topleveldomain”
;returning the signed temporary message address to the user; looking up, using the network node, at least one of the temporary message address or the secret in the address book based on receipt of an incoming message directed to the signed temporary message address; comparing, using the network node, the secret of the temporary message address with a signature of the incoming message to determine whether the signature includes the secret; and revoking the secret in response to revocation of the temporary message address. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
-
24. A computer-readable hardware medium comprising computer-executable instructions that when executed by a hardware processor enable a system to:
-
receive a name from a user; provision a secret; sign the ephemeral address with the secret to generate a signed ephemeral address, wherein the signed ephemeral address is generated by concatenating the name, “
name,” and
the secret, “
secret,”
with a user-defined domain name, “
userdomain,” and
a top level domain name, “
topleveldomain,”
to form “
name-secret@userdomain.topleveldomain”
;return the signed ephemeral address to the user; receive and store the signed ephemeral address and the secret in an address book at a network gateway; validate, using the network gateway, an incoming message directed to the ephemeral address by at least one of; confirming the ephemeral address is in the address book; and comparing the secret of the signed ephemera address with a signature of the incoming message to determine whether the signature includes the secret; and revoke the secret in response to revocation of the ephemeral address.
-
-
25. A computer system, comprising:
-
a processor; and a system memory storing computer-executable instructions that when executed by the processor cause the computer system to; receive a name from a user; generate a hash of a secret and the name; generate a temporary messaging address by concatenating the name, “
name,”
with a user-defined domain name, “
userdomain,” and
a top level domain name, “
topleveldomain,”
to form “
name@userdomain.topleveldomain”
;sign the temporary messaging address with the hash to generate a signed temporary messaging address, wherein the signed temporary message address is generated by including the hash with the temporary message address to form “
name-hash@userdomain.topleveldomain”
;validate, using a network gateway, an incoming message addressed to the signed temporary messaging address by comparing the hash of the signed temporary messaging address with a signature of the incoming message to determine whether the signature includes the hash, wherein the network gateway is configured to look up the secret in an address book to validate the incoming message; and revoke the secret in response to revocation of the temporary message address.
-
Specification