Third-party e-mail authentication service provider using checksum and unknown pad characters with removal of quotation indents
Abstract
Electronic mail (email) is certified and authenticated by an authentication service. The authentication service is integrated with an email web site that allows users to set up email accounts. Outgoing email from the email web site is routed to the authentication service. A message identifier (ID) is generated and added to the message within markers. A random-number generator creates random pad characters that are added to the message before a checksum is generated. The checksum and the pad characters are stored in a table indexed by the message ID. The pad characters and the checksum are placed in secure storage and not available to users or others on the Internet. The email with the message ID in the markers but without the pad characters or checksum is sent to the recipients, along with instructions on how to authenticate the message. Others can authenticate a message by emailing it to the authentication service. The message ID is extracted from the markers and used to find the checksum and pad characters in the table. The pad characters are again added to the message and a new checksum generated. Authentication fails when the checksums do not match. An authentication-result message is added to the message before it is returned. Quotation indent characters are stripped from the message before authentication so that quoted messages can be authenticated even though they are altered by reply software during quotation. Headers such as addresses and dates can be copied to the message body so that they are also authenticated.
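A minimal sketch of the tag-and-verify flow the abstract describes, added here as an illustration and not taken from the patent. The marker syntax, the in-memory `TABLE`, and the use of SHA-256 as the checksum function are assumptions of this example.

```python
import hashlib
import hmac
import re
import secrets

# Assumed marker syntax; the abstract only says the message ID sits "within markers".
BEGIN = "[[AUTH-BEGIN id={id}]]"
END = "[[AUTH-END]]"
MARKED = re.compile(
    r"\[\[AUTH-BEGIN id=([0-9a-f]+)\]\]\n(.*?)\n[> ]*\[\[AUTH-END\]\]", re.S)

# message ID -> (pad, checksum); stands in for the provider's secure storage.
TABLE = {}


def strip_quote_indents(text):
    """Remove leading '>' quotation-indent characters added by reply software."""
    return "\n".join(re.sub(r"^(?:>[ \t]?)+", "", line)
                     for line in text.splitlines())


def checksum(body, pad):
    # SHA-256 is a stand-in for the unspecified checksum function.
    # The secret pad is mixed in here only and never travels with the message.
    return hashlib.sha256((strip_quote_indents(body) + pad).encode()).hexdigest()


def tag(body):
    """Outgoing path: create ID and pad, store pad + checksum, add markers."""
    msg_id = secrets.token_hex(8)
    pad = secrets.token_hex(16)
    TABLE[msg_id] = (pad, checksum(body, pad))
    return f"{BEGIN.format(id=msg_id)}\n{body}\n{END}"


def authenticate(message):
    """Verification path: extract ID, re-add stored pad, compare checksums."""
    m = MARKED.search(message)
    if not m or m.group(1) not in TABLE:
        return "NO VALID MARKER"
    pad, stored = TABLE[m.group(1)]
    ok = hmac.compare_digest(checksum(m.group(2), pad), stored)
    return "CERTIFIED" if ok else "ALTERED"
```

Because the indent filter runs on both the tagging and the verification path, a reply-quoted copy still verifies, and by the same token adding or removing leading ">" characters is not detected as an alteration.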
23 Claims
1. An authentication service provider comprising:
an identifier (ID) generator, for generating an authentication ID, the authentication ID being unique for at least a portion of an electronic document;
a message merger, receiving the authentication ID from the ID generator, for inserting the authentication ID into the electronic document;
a checksum generator for generating a checksum for the electronic document;
a table having entries each containing a checksum, the authentication ID selecting an entry in the table containing a stored checksum for the electronic document identified by the authentication ID;
wherein the checksum from the checksum generator is written to the table into an entry identified by the authentication ID, the checksum written to the table being a stored checksum;
an identifier (ID) extractor, coupled to scan electronic documents for the authentication ID;
when the ID extractor finds an authentication ID in the electronic document, the checksum generator receives the electronic document, to generate a new checksum for the electronic document;
a comparator, receiving the new checksum from the checksum generator and receiving the stored checksum from the table, for signaling a successful authentication when the new checksum matches the stored checksum from the table; and
a result indicator, coupled to the comparator, for indicating when the comparator signals the successful authentication, but for warning when the comparator does not signal the successful authentication, whereby electronic documents are tagged with the authentication ID which later selects a stored checksum in the table, the stored checksum used to signal successful authentication or alteration of the electronic document.
the electronic document is an email message; and
the result indicator comprises;
a result marker, coupled to the comparator, for marking the email message with a certified indication when the comparator signals the successful authentication, but for marking the email message with an altered indication when the comparator does not signal the successful authentication, whereby email messages are marked with an authentication result.
3. The authentication service provider of claim 2 further comprising:
a random-number generator for generating a random number for input to the message merger, the message merger merging the random number with the email message before input to the checksum generator; and
a random-number field for each entry in the table, the random-number generator writing the random number to the random-number field in the entry in the table selected by the authentication ID when the checksum is written to the entry;
wherein the random number from the table is merged with the email message before the new checksum is generated by the checksum generator, the random number causing a different checksum to be generated for the email message, whereby the random number is stored with the checksum in the table, the random number being merged with the email message prior to checksum generation.
4. The authentication service provider of claim 3 wherein the random number from the table is a seed or parameter to the checksum generator, the random number causing a different checksum to be generated for the email message.
5. The authentication service provider of claim 3 wherein the random number is not added to email messages sent over an Internet but is only added to messages input to the checksum generator,
whereby the random number is not sent over the Internet with the email message but is kept secure by the authentication service provider.
6. The authentication service provider of claim 5 wherein the message merger inserts a marker into the email message, the marker containing the authentication ID;
wherein the ID extractor scans the email messages for the marker that contains the authentication ID, whereby the authentication ID is in a marker added to the email message.
7. The authentication service provider of claim 6 wherein the marker contains an email address of the authentication service provider, the email address being used to return email tagged with the marker to the authentication service provider for authentication.
8. The authentication service provider of claim 6 wherein the marker inserted into the email message includes a beginning marker inserted before message text and an ending marker inserted after message text in the email message;
wherein the checksum generator receives the message text between the beginning and ending markers.
9. The authentication service provider of claim 8 wherein the message merger further includes means for inserting a copy of headers for the email message, the copy being inserted after the beginning marker, the headers including a time and a date of the email message, a sender's address and a recipient's address,
whereby a copy of the headers for the email message is also authenticated.
10. The authentication service provider of claim 6 further comprising:
a character filter, coupled to receive the email message, for removing a target character added by an email program, the character filter sending the email message with the target characters removed to the checksum generator, whereby target characters are removed before the checksum is generated.
11. The authentication service provider of claim 10 wherein the target character is a quotation-indent character that indicates that a portion of the email message was quoted from another email message
whereby quotation-indent characters are removed before the checksum is generated.
12. The authentication service provider of claim 11 wherein the quotation-indent character is a “>” character at a beginning of a line of text.
13. The authentication service provider of claim 6 wherein the result marker also inserts an advertisement into the email message that is authenticated.
14. The authentication service provider of claim 6 further comprising:
an email web site that includes tools to compose, send, receive, and read email from the Internet, the email web site allowing users to send and receive email;
wherein email sent and received from the email web site is sent to the authentication service provider for tagging with the authentication ID and for checksum comparison for authentication before being sent to the Internet or received by users of the email web site, whereby email authentication is integrated with the email web site.
15. The authentication service provider of claim 14, wherein the email web site is a public email service that allows anyone on the Internet to open an email account and authenticate email messages.
16. The authentication service provider of claim 1 wherein the table is in a secure storage that is not accessible by users on an Internet, the users including a sender and recipients of the email message,
whereby the checksum and random number are securely stored and inaccessible to Internet users.
17. The authentication service provider of claim 16 wherein the checksum generator uses a function that is publicly known,
whereby a standard checksum function is securely used since the random number is not publicly known.
18. The authentication service provider of claim 16 wherein each entry in the table further comprises a function field containing a function code, the function code sent to the checksum generator to alter a checksum function that generates the checksum,
whereby different checksum functions are selected by the entry in the table.
19. A method for tagging and certifying electronic mail (email) comprising:
receiving an email message;
scanning the email message for a marker that contains an authentication identifier;
when an authentication identifier is found in the email message;
extracting the authentication identifier and looking for a matching entry for the authentication identifier in a table;
reading a stored checksum and a pad character string from the matching entry in the table;
adding the pad character string to the email message to generate a padded message;
generating a new checksum for the padded message;
comparing the new checksum to the stored checksum;
adding a certified message to the email message when the new checksum matches the stored checksum;
adding a warning message to the email message when the new checksum does not match the stored checksum;
randomly generating a new pad character string;
generating a new authentication identifier for the email message;
adding the new pad character string to the email message to generate a new padded message;
generating a checksum for the new padded message;
storing in an entry in the table the checksum, the new pad character string, and at least a portion of the authentication identifier;
adding a marker to the email message to generate a marked email message, the marker containing the authentication identifier but not containing the new pad character string or the checksum; and
sending the marked email message to a recipient, whereby the email message is tagged with the authentication identifier and certified.
whereby certification is provided by the public email web site that tags and certifies email messages.
21. The method of claim 19 wherein neither a recipient nor a sender of the email message is a user at a public email web site that tagged the email message, the email message being sent over an Internet,
whereby certification is provided by a third party service provider.
22. A computer-program product comprising:
a computer-usable medium having computer-readable program code means embodied therein for tagging and authenticating electronic mail (email), the computer-readable program code means in the computer-program product comprising;
identifier (ID) generator means for generating an authentication ID;
message-merger means, receiving the authentication ID from the ID generator means, for inserting the authentication ID into an email message;
random-number generator means for generating a random number for input to the message-merger means, the message-merger means adding the random number to the email message;
checksum generator means for generating a checksum for the email message;
table means for storing entries each containing a checksum and a random-number field, the authentication ID selecting an entry in the table means containing a stored checksum for the email message identified by the authentication ID;
wherein the checksum from the checksum generator means is written to the table means into an entry identified by the authentication ID, the checksum written to the table means being a stored checksum;
identifier (ID) extractor means for scanning email messages for the authentication ID;
when the ID extractor finds an authentication ID in the email message, the checksum generator means receives the email message, to generate a new checksum for the email message;
comparator means, receiving the new checksum from the checksum generator means and receiving the stored checksum from the table means, for signaling a successful authentication when the new checksum matches the stored checksum from the table means; and
result-marker means, coupled to the comparator means, for marking the email message with a certified indication when the comparator means signals the successful authentication, but for marking the email message with an altered indication when the comparator means does not signal the successful authentication, whereby email messages are tagged with the authentication ID which later selects a stored checksum in the table means, the stored checksum used to signal successful authentication or alteration of the email message.
indent-stripper means, coupled to receive the email message, for removing a leading quotation-indent character that indicates that a portion of the email message was quoted from another email message, the indent-stripper means sending the email message with the quotation-indent characters removed to the checksum generator, whereby quotation-indent characters are removed before the checksum is generated.
Specification