Method and system for protecting digital objects distributed over a network by electronic mail

US 20030237005A1
Filed: 06/18/2003
Published: 12/25/2003
Est. Priority Date: 06/21/2002
Status: Abandoned Application

First Claim

Patent Images

1. In a communications network, a system for protecting objects delivered within the network comprising:

a) a sending device connected to the network, the sending device configured by software running at the sending device to identify a security policy for an object and the recipient of the object;

b) a recipient device connected to the network, the recipient device configured by software running at the recipient device to request and receive an object;

c) an object server connected to the network, the object server configured by software running at the object server to store the object and to respond to the request from the recipient; and

d) a security server connected to the network, the security server configured by software running at the security server to protect the object such that it may be accessed only according to the security policy after it is sent to the recipient device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting digital objects transmitted over a network. A sender creates a notification specifying an object to be delivered to a recipient as well the object'"'"'s security policy and any authentication information required to access the object. The notification is sent to an object server which creates an identifier associated with the object and sends an e-mail message with the identifier to the recipient. The recipient may access the object by referencing the identifier. The object server authenticates the request for the object and redirects the request to a security server. The security server protects the object in accordance with the security policy designated by the sender and combines the object with mobile code to enforce the security policy at the recipient'"'"'s computer. The protected object is sent to the recipient. When the recipient tries to access the object, the mobile code executes and instantiates the object'"'"'s security policy and object controls for enforcing the security policy at the recipient. The object may only be accessed in accordance with the security policy. An audit trail of actions related to the object may also be established.

91 Citations

View as Search Results

44 Claims

1. In a communications network, a system for protecting objects delivered within the network comprising:
- a) a sending device connected to the network, the sending device configured by software running at the sending device to identify a security policy for an object and the recipient of the object;
  
  b) a recipient device connected to the network, the recipient device configured by software running at the recipient device to request and receive an object;
  
  c) an object server connected to the network, the object server configured by software running at the object server to store the object and to respond to the request from the recipient; and
  
  d) a security server connected to the network, the security server configured by software running at the security server to protect the object such that it may be accessed only according to the security policy after it is sent to the recipient device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1 further comprising the sending device configured by software running at the sending device to send a notification of the security policy and the recipient of the object to the object server.
  - 3. The system of claim 2 further comprising the sending device configured by software running at the sending device to send the object to the object server as an attachment to the notification.
  - 4. The system of claim 2 further comprising the sending device configured by software running at the sending device to identify an authentication policy and send it to the object server with the notification.
  - 5. The system of claim 1 further comprising the object server configured by software running at the object server to store the object received from the sending device.
  - 6. The system of claim 1 further comprising the object server configured by software running at the object server to create an identifier for the object.
  - 7. The system of claim 6 further comprising the object server configured by software running at the object server to send a message including the identifier to access the object to the recipient device.
  - 8. The system of claim 1 further comprising the object server configured by software running at the object server to authenticate a request for the object from the recipient device.
  - 9. The system of claim 1 further comprising the object server configured by software running at the object server to redirect a request for the object to the security server.
  - 10. The system of claim 9 further comprising the object server configured by software running at the object server to create an enhanced request for the object, where the enhanced request is redirected to the security server.
  - 11. The system of claim 10 where the enhanced request is a second object including at least one of the following:
    - a) cryptographically-protected authentication of the original request for the requested object;
      
      b) cryptographically-protected time of the original request for the requested object;
      
      c) cryptographically-protected serialization of the protected object; and
      
      d) cryptographically-protected security policy for the requested object.
  - 12. The system of claim 1 further comprising the security server configured by software running at the security server to retrieve the object.
  - 13. The system of claim 12 wherein the object may be retrieved from any one of the following:
    - a) the object server;
      
      b) storage associated with the object server;
      
      c) storage associated with the security server.
  - 14. The system of claim 1 further comprising the security server configured by software running at the security server to combine the object with mobile code, the security policy, and object controls.
  - 15. The system of claim 1 further comprising the security server configured by software running at the security server to encrypt the object.
  - 16. The system of claim 1 further comprising the security server configured by software running at the security server to send the protected object to the recipient device.
  - 17. The system of claim 1 further comprising the security server configured by software running at the security server to establish an audit trail of actions relating to the object.
  - 18. The system of claim 1 further comprising the security server configured by software running at the security server to send a decryption key to the recipient following an authenticated request from the recipient for the decryption key.

19. In a communications network, a system for protecting objects delivered in the network, the system comprising:
- a) a sending device having a first e-mail program and a first software program in association with the first e-mail program, the first software program having means for designating at least one of the following;
  
  i) a security policy for an object, ii) at least one recipient of the object;
  
  iii) authentication information required in order to access the object, where the designations made by the first software program are sent via an e-mail message to the object server;
  
  b) the object server in network connection with the sending device, the object server having a second e-mail program and a second software program in association with the second e-mail program, the second software program having means for doing at least one of the following;
  
  i) creating an identifier associated with the object;
  
  ii) authenticating a request for an object; and
  
  iii) redirecting an authenticated request for an object to a security server;
  
  iv) storing any attachments from the e-mail message from the sending device at the object server;
  
  where the object server sends an e-mail message containing the identifier associated with the object to the at least one recipient designated by the first software program and receives a request from the recipient for the object which is redirected to the security server after authentication of the request;
  
  c) the security server in network connection with the object server, the security server having a third e-mail program and a third software program in association with the third e-mail program, the third software program having means for doing at least one of the following;
  
  i) obtaining the object from the object server;
  
  ii) obtaining the object from local storage;
  
  iii) combining the object with mobile code, the security policy, and object controls; and
  
  iv) encrypting the object; and
  
  d) a recipient device in network connection with the object server, the recipient device having a fourth e-mail program and a browser in association with the e-mail program, where the recipient device receives the e-mail message from the object server and requests the object from the object server by referencing the identifier.
- View Dependent Claims (20, 21, 22, 27)
- - 20. The system of claim 19 further comprising the second software program at the object server having means for creating an enhanced object, where the enhanced request is sent to the security server.
  - 21. The system of claim 20 where the enhanced request is a second object including at least one of the following:
    - a) cryptographically-protected authentication of the original request for the requested object;
      
      b) cryptographically-protected time of the original request for the requested object;
      
      c) cryptographically-protected serialization of the protected object; and
      
      d) cryptographically-protected security policy for the requested object.
  - 22. The system of claim 19 further comprising means for establishing an audit trail of actions taken on the object.
  - 27. The method of claim 19 further comprising providing authentication information after requesting the object.

23. A method for protecting objects delivered in a network comprising:
- a) designating a security policy for an object and at least one recipient to receive the object;
  
  b) sending a first notification specifying the security policy for and at least one recipient of the object to an object server;
  
  c) creating an identifier for the object;
  
  d) sending a second notification containing the identifier to the at least one recipient;
  
  e) requesting the object using the identifier;
  
  f) redirecting the request for the object to a security server;
  
  g) protecting the object according to the security policy; and
  
  h) sending the object to the requesting recipient, where the object may be accessed only according to the security policy.
- View Dependent Claims (24, 25, 26, 28, 29, 30, 31, 32, 33)
- - 24. The method of claim 23 further comprising sending the object with the first notification to the object server.
  - 25. The method of claim 23 further comprising creating an enhanced request for the object.
  - 26. The method of claim 23 further comprising redirecting the enhanced request to the security server.
  - 28. The method of claim 25 further comprising redirecting the request only when correct authentication information is provided.
  - 29. The method of claim 23 further comprising the security server obtaining the object from any one of the following:
    - a) the object server;
      
      b) storage associated with the object server; and
      
      c) storage associated with the security server.
  - 30. The method of claim 23 further comprising protecting the object by combining it with mobile code, the security policy, and object controls.
  - 31. The method of claim 23 further comprising protecting the object by encrypting the object.
  - 32. The method of claim 23 further comprising protecting the object by establishing an audit trail of actions relating to the object.
  - 33. The method of claim 23 further comprising delivering a decryption key for the object after receiving an authenticated request for the key.

34. A method for protecting objects delivered in a network comprising:
- a) designating a security policy for an object and at least one recipient to receive the object, the designation performed at a sending device;
  
  b) creating an identifier for the object at an object server;
  
  c) requesting the object using the identifier;
  
  d) protecting the object according to the security policy at a security server, the protection including combining the object with mobile code, the security policy, and object controls; and
  
  e) sending the object to the requesting recipient, where the object'"'"'s security policy and object controls are instantiated at the recipient device and the object may be accessed only according to the security policy.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 35. The method of claim 34 further comprising sending the object with the designated security policy and recipient to the object server.
  - 36. The method of claim 34 further comprising sending a message containing the identifier to the recipient.
  - 37. The method of claim 34 further comprising providing authentication information after requesting the object.
  - 38. The method of claim 37 further comprising redirecting the request to the security server when correct authentication information is provided.
  - 39. The method of claim 38 further comprising creating an enhanced request for the object.
  - 40. The method of claim 38 further comprising redirecting the enhanced request to the security server.
  - 41. The method of claim 34 further comprising the security server obtaining the object from any one of the following:
    - a) the object server;
      
      b) storage associated with the object server; and
      
      c) storage associated with the security server.
  - 42. The method of claim 34 further comprising protecting the object by encrypting it.
  - 43. The method of claim 34 further comprising establishing an audit trail for actions relating to the object.
  - 44. The method of claim 34 further comprising delivering a decryption key for the object after receiving an authenticated request for the key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OmniTrust Security Systems, Inc. (TriIs, Inc.)
Original Assignee
OmniTrust Security Systems, Inc. (TriIs, Inc.)
Inventors
Bar-Or, Yuval, Robinson, Daniel J., Lordemann, David A.

Application Number

US10/465,365
Publication Number

US 20030237005A1
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0435   wherein the sending and rec...

H04L 63/20   for managing network securi...

Method and system for protecting digital objects distributed over a network by electronic mail

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

91 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting digital objects distributed over a network by electronic mail

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links