Email access control scheme for communication network using identification concealment mechanism

US 7,188,358 B1
Filed: 03/26/1999
Issued: 03/06/2007
Est. Priority Date: 03/26/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of email access control, comprising the steps of:

receiving a personalized access ticket containing a sender'"'"'s identification and a recipient'"'"'s identification in correspondence and a sender'"'"'s identification presented by a sender from the sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email, the personalized access ticket further containing a validity period indicating a period for which the personalized access ticket is valid, at a secure communication service for connecting communications between the sender and the recipient;

controlling accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket at the secure communication service;

checking whether the sender'"'"'s identification presented by the sender is contained as the sender'"'"'s identification in the personalized access ticket presented by the sender, and refusing delivery of the email when the sender'"'"'s identification presented by the sender is not contained in the personalized access ticket presented by the sender; and

checking the validity period contained in the personalized access ticket presented by the sender, and refusing delivery of the email when the validity period has expired.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An email access control scheme capable of resolving problems of the real email address and enabling a unique identification of the identity of the user while concealing the user identification is disclosed. A personalized access ticket containing a sender'"'"'s identification and a recipient'"'"'s identification in correspondence is to be presented by a sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email. Then, accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket at a secure communication service. Also, an official identification of each user by which each user is uniquely identifiable by a certification authority, and an anonymous identification of each user containing at least one fragment of the official identification are defined, and each user is identified by the anonymous identification of each user in communications for emails on a communication network.

115 Citations

85 Claims

1. A method of email access control, comprising the steps of:
- receiving a personalized access ticket containing a sender'"'"'s identification and a recipient'"'"'s identification in correspondence and a sender'"'"'s identification presented by a sender from the sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email, the personalized access ticket further containing a validity period indicating a period for which the personalized access ticket is valid, at a secure communication service for connecting communications between the sender and the recipient;
  
  controlling accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket at the secure communication service;
  
  checking whether the sender'"'"'s identification presented by the sender is contained as the sender'"'"'s identification in the personalized access ticket presented by the sender, and refusing delivery of the email when the sender'"'"'s identification presented by the sender is not contained in the personalized access ticket presented by the sender; and
  
  checking the validity period contained in the personalized access ticket presented by the sender, and refusing delivery of the email when the validity period has expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein the validity period of the personalized access ticket is set by a trusted third party.
  - 3. The method of claim 1, further comprising the step of:
    - issuing the personalized access ticket to the sender at a directory service for managing an identification of each registrant and a disclosed information of each registrant which has a lower secrecy than a personal information, in a state which is accessible for search by unspecified many, in response to search conditions specified by the sender, by using an identification of a registrant whose disclosed information matches the search conditions as the recipient'"'"'s identification and the sender'"'"'s identification specified by the sender along with the search conditions.
  - 4. The method of claim 1, further comprising the step of:
    - registering in advance a personalized access ticket containing an identification of a specific user from which delivery of emails to a specific registrant is to be refused as a sender'"'"'s identification and an identification of the specific registrant as a recipient'"'"'s identification for the personalized access ticket registered in advance, at the secure communication service;
      
      wherein at the controlling step the secure communication service refuses delivery of the email from the sender when the personalized access ticket presented by the sender is registered therein in advance at the registering step.
  - 5. The method of claim 4, further comprising the step of:
    - deleting the personalized access ticket registered at the secure communication service upon request from the specific registrant who registered the personalized access ticket at the registering step.
  - 6. The method of claim 1, wherein the personalized access ticket also contains a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service, and at the controlling step, when the transfer control flag contained in the personalized access ticket indicates that the sender should be authenticated, the secure communication service authenticates the sender'"'"'s identification presented by the sender and refuses a delivery of the email when an authentication of the sender'"'"'s identification presented by the sender fails.
  - 7. The method of claim 6, wherein the authentication of the sender'"'"'s identification presented by the sender is realized by a challenge/response procedure between the sender and the secure communication service.
  - 8. The method of claim 6, wherein the transfer control flag of the personalized access ticket is set by a trusted third party.
  - 9. The method of claim 1, wherein the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by real email addresses of the sender and the recipient.
  - 10. The method of claim 1, wherein the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by anonymous identifications of the sender and the recipient, where an anonymous identification of each user contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by a certification authority.
  - 11. The method of claim 10, wherein the anonymous identification of each user is an information containing the at least one fragment of the official identification of each user which is signed by the certification authority using a secret key of the certification authority.
  - 12. The method of claim 10, wherein the official identification of each user is a character string uniquely assigned to each user by the certification authority and a public key of each user which are signed by a secret key of the certification authority.
  - 13. The method of claim 10, further comprising the step of:
    - probabilistically identifying an identity of the sender by reconstructing the official identification of the sender by judging identity of a plurality of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.
  - 14. The method of claim 1, wherein an anonymous identification of each user that contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by a certification authority and a link information of each anonymous identification by which each anonymous identification can be uniquely identified are defined, and the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by a link information of the anonymous identification of the sender and a link information of the anonymous identification of the recipient.
  - 15. The method of claim 14, wherein the link information of each anonymous identification is an identifier uniquely assigned to each anonymous identification by the certification authority.
  - 16. The method of claim 14, further comprising the step of:
    - probabilistically identifying an identity of the sender by reconstructing the official identification of the sender by judging identity of a plurality of anonymous identifications of the sender corresponding to the link information contained in a plurality of personalized access tickets used by the sender.
  - 17. The method of claim 1, wherein the personalized access ticket contains a single sender'"'"'s identification and a single recipient'"'"'s identification in 1-to-1 correspondence.
  - 18. The method of claim 1, wherein the personalized access ticket contains a single sender'"'"'s identification) and a plurality of recipient'"'"'s identifications in 1-to-N correspondence, where N is an integer greater than 1.
  - 19. The method of claim 18, wherein one identification among the single sender'"'"'s identification and the plurality of recipient'"'"'s identifications is a holder identification for identifying a holder of the personalized access ticket while other identifications among the single sender'"'"'s identification and the plurality of recipient'"'"'s identifications are member identifications for identifying members of a group to which the holder belongs.
  - 20. The method of claim 19, further comprising the step of:
    - issuing an identification of each user and an enabler of the identification of each user indicating a right to change the personalized access ticket containing the identification of each user as the holder identification, to each user at a certification authority, such that prescribed processing on the personalized access ticket can be carried out at a secure processing device only by a user who presented both the holder identification contained in the personalized access ticket and the enabler corresponding to the holder identification to the secure processing device.
  - 21. The method of claim 20, wherein the certification authority issues the enabler of the identification of each user as an information indicating that it is the enabler and the identification of each user itself which are signed by a secret key of the certification authority.
  - 22. The method of claim 20, wherein the prescribed processing includes a generation of a new personalized access ticket, a merging of a plurality of personalized access tickets, a splitting of one personalized access ticket into a plurality of personalized access tickets, a changing of the holder of the personalized access ticket, changing of a validity period of the personalized access ticket, and a changing of a transfer control flag of the personalized access ticket.
  - 23. The method of claim 22, wherein a special identification and a special enabler corresponding to the special identification which are known to all users are defined such that the generation of a new personalized access ticket and the changing of the holder of the personalized access ticket can be carried out by the holder of the personalized access ticket by using the special identification and the special enabler without using an enabler of a member identification.
  - 24. The method of claim 23, wherein the special identification is defined to be capable of being used only as the holder identification of the personalized access ticket.
  - 25. The method of claim 22, wherein a special identification which is known to all users is defined such that a read only attribute can be set to the personalized access ticket by using the special identification.
  - 26. The method of claim 1, wherein at the controlling step, when the access right of the sender with respect to the recipient is verified according to the personalized access ticket, the secure communication service takes out the recipient'"'"'s identification from the personalized access ticket by using the sender'"'"'s identification presented by the sender, converts the email by using the taken out recipients identification into a format that can be interpreted by an email transfer function for actually carrying out email delivery processing, and gives the email after conversion to the email transfer function by attaching the personalized access ticket.

27. A method of email access control, comprising the steps of:
- defining an official identification of each user by which each user is uniquely identifiable by a certification authority, and an anonymous identification of each user containing at least one fragment of the official identification;
  
  identifying each user by the anonymous identification of each user in communications for emails on a communication network, wherein the anonymous identification of each user is an information containing the at least one fragment of the official identification of each user which is signed by the certification authority using a secret key of the certification authority;
  
  receiving a personalized access ticket containing a sender'"'"'s anonymous identification and a recipient'"'"'s anonymous identification in correspondence, which is presented by a sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email, at a secure communication service for connecting communications between the sender and the receiver; and
  
  controlling accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket at the secure communication service.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The method of claim 27, wherein the official identification of each user is a character string uniquely assigned to each user by the certification authority and a public key of each user which are signed by a secret key of the certification authority.
  - 29. The method of claim 27, further comprising the step of:
    - probabilistically identifying an identity of the sender at the secure communication service by reconstructing the official identification of the sender while judging identity of a plurality of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.
  - 30. The method of claim 27, wherein the defining step also defines a link information of each anonymous identification by which each anonymous identification can be uniquely identified, and each anonymous identification also contains the link information of each anonymous identification.
  - 31. The method of claim 30, wherein the link information of each anonymous identification is an identifier uniquely assigned to each anonymous identification by the certification authority.
  - 32. The method of claim 30, whereinthe personalized access ticket contains a link information of the sender'"'"'s anonymous identification and a link information of the recipient'"'"'s anonymous identification.
  - 33. The method of claim 32, further comprising the step of:
    - probabilistically identifying an identity of the sender by reconstructing the official identification of the sender while judging identity of a plurality of anonymous identifications of the sender corresponding to the link information contained in a plurality of personalized access tickets used by the sender.

34. A communication system realizing email access control, comprising:
- a communication network to which a plurality of user terminals are connected;
  
  a secure communication service device for connecting communications between a sender and a receiver on the communication network, by receiving a personalized access ticket containing a sender'"'"'s identification and a recipient'"'"'s identification in correspondence, which is presented by a sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email, the personalized access ticket further containing a validity period indicating a period for which the personalized access ticket is valid, authenticating and controlling accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket and by checking the validity period contained in the personalized access ticket presented by the sender, and refusing delivery of the email when the validity period has expired; and
  
  a secure processing device for issuing the personalized access ticket which is signed by a secret key of the secure processing device;
  
  wherein the secure communication service device authenticates the personalized access ticket by verifying a signature of the secure processing device in the personalized access ticket using a public key of the secure processing device.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 35. The system of claim 34, wherein the secure communication service device also receives a sender'"'"'s identification presented by the sender along with the personalized access ticket, checks whether the sender'"'"'s identification presented by the sender is contained in the personalized access ticket presented by the sender, and refuses a delivery of the email when the sender'"'"'s identification presented by the sender is not contained in the personalized access ticket presented by the sender.
  - 36. The system of claim 34, further comprising:
    - a trusted third party for setting the validity period of the personalized access ticket.
  - 37. The system of claim 34, further comprising;
    - a directory service device for managing an identification of each registrant and a disclosed information of each registrant which has a lower secrecy than a personal information, in a state which is accessible for search by unspecified many, and issuing the personalized access ticket to the sender in response to search conditions specified by the sender, by using an identification of a registrant whose disclosed information matches the search conditions as the recipient'"'"'s identification and the sender'"'"'s identification specified by the sender along with the search conditions.
  - 38. The system of claim 34, wherein the secure communication service device registers in advance a personalized access ticket containing an identification of a specific user from which a delivery of emails to a specific registrant is to be refused as a senders identification and an identification of the specific registrant as a recipient'"'"'s identification of the personalized access ticket registered in advance, and refuses a delivery of the email from the sender when the personalized access ticket presented by the sender is registered therein in advance.
  - 39. The system of claim 38, wherein the secure communication service device deletes the personalized access ticket registered therein upon request from the specific registrant who registered the personalized access ticket.
  - 40. The system of claim 34, wherein the personalized access ticket also contains a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service, and when the transfer control flag contained in the personalized access ticket indicates that the sender should be authenticated, the secure communication service device authenticates the sender'"'"'s identification presented by the sender and refuses a delivery of the email when an authentication of the sender'"'"'s identification presented by the sender fails.
  - 41. The system of claim 40, wherein the authentication of the sender'"'"'s identification presented by the sender is realized by a challenge/response procedure between the sender and the secure communication service device.
  - 42. The system of claim 40, further comprising a trusted third party for setting the transfer control flag of the personalized access ticket.
  - 43. The system of claim 34, wherein the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by real email addresses of the sender and the recipient.
  - 44. The system of claim 34, further comprising:
    - a certification authority device for issuing an anonymous identification of each user which contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by the certification authority device;
      
      wherein the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by anonymous identifications of the sender and the recipient.
  - 45. The system of claim 44, wherein the anonymous identification of each user is an information containing the at least one fragment of the official identification of each user which is signed by the certification authority device using a secret key of the certification authority device.
  - 46. The system of claim 44, wherein the official identification of each user is a character string uniquely assigned to each user by the certification authority device and a public key of each user which are signed by a secret key of the certification authority device.
  - 47. The system of claim 44, wherein the secure communication service device probabilistically identifies an identity of the sender by reconstructing the official identification of the sender while judging identity of a plurality of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.
  - 48. The system of claim 34, further comprising:
    - a certification authority device for issuing an anonymous identification of each user which contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by the certification authority device and a link information of each anonymous identification by which each anonymous identification can be uniquely identified;
      
      wherein the sender'"'"'s identification and the recipients identification in the personalized access ticket are given by a link information of the anonymous identification of the sender and a link information of the anonymous identification of the recipient.
  - 49. The system of claim 48, wherein the link information of each anonymous identification is an identifier uniquely assigned to each anonymous identification by the certification authority device.
  - 50. The system of claim 48, wherein the secure communication service device probabilistically identifies an identity of the sender by reconstructing the official identification of the sender while judging identity of a plurality of anonymous identifications of the sender corresponding to the link information contained in a plurality of personalized access tickets used by the sender.
  - 51. The system of claim 34, wherein the personalized access ticket contains a single sender'"'"'s identification and a single recipient'"'"'s identification in 1-to-1 correspondence.
  - 52. The system of claim 34, wherein the personalized access ticket contains a single sender'"'"'s identification and a plurality of recipient'"'"'s identifications in 1-to-N correspondence, where N is an integer greater than 1.
  - 53. The system of claim 52, wherein one identification among the single sender'"'"'s identification and the plurality of recipient'"'"'s identifications is a holder identification for identifying a holder of the personalized access ticket while other identifications among the single sender'"'"'s identification and the plurality of recipient'"'"'s identifications are member identifications for identifying members of a group to which the holder belongs.
  - 54. The system of claim 53, further comprising:
    - a certification authority device for issuing to each user an identification of each user and an enabler of the identification of each user indicating a right to change the personalized access ticket containing the identification of each user as the holder identification; and
      
      a secure processing device at which prescribed processing on the personalized access ticket can be carried out only by a user who presented both the holder identification contained in the personalized access ticket and the enabler corresponding to the holder identification to the secure processing device.
  - 55. The system of claim 54, wherein the certification authority device issues the enabler of the identification of each user as an information indicating that it is the enabler and the identification of each user itself which are signed by a secret key of the certification authority device.
  - 56. The system of claim 54, wherein the prescribed processing includes a generation of a new personalized access ticket, a merging of a plurality of personalized access tickets, a splitting of one personalized access ticket into a plurality of personalized access tickets, a changing of the holder of the personalized access ticket, changing of a validity period of the personalized access ticket, and a changing of a transfer control flag of the personalized access ticket.
  - 57. The system of claim 56, wherein a special identification and a special enabler corresponding to the special identification which are known to all users are defined such that the generation of a new personalized access ticket and the changing of the holder of the personalized access ticket can be carried out by the holder of the personalized access ticket by using the special identification and the special enabler without using an enabler of a member identification.
  - 58. The system of claim 57, wherein the special identification is defined to be capable of being used only as the holder identification of the personalized access ticket.
  - 59. The system of claim 56, wherein a special identification which is known to all users is defined such that a read only attribute can be set to the personalized access ticket by using the special identification.
  - 60. The system of claim 34, wherein when the access right of the sender with respect to the recipient is verified according to the personalized access ticket, the secure communication service device takes out the recipient'"'"'s identification from the personalized access ticket by using the sender'"'"'s identification presented by the sender, converts the email by using the taken out recipient'"'"'s identification into a format that can be interpreted by an email transfer function for actually carrying out email delivery processing, and gives the email after conversion to the email transfer function by attaching the personalized access ticket.

61. A secure communication service device for use in a communication system realizing email access control, comprising:
- computer hardware; and
  
  computer software for causing the computer hardware to connect communications between a sender and a receiver by receiving a personalized access ticket containing a sender'"'"'s identification and a recipient'"'"'s identification in correspondence, which is presented by the sender who wishes to send an email to the recipient so as to specify the recipient as an intended destination of the email, the personalized access ticket further containing a validity period indicating a period for which the personalized access ticket is valid, and controlling accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket;
  
  wherein the computer software causes the computer hardware to also receive the sender'"'"'s identification presented by the sender along with the personalized access ticket, check whether the sender'"'"'s identification presented by the sender is contained in the personalized access ticket presented by the sender and whether the validity period contained in the personalized access ticket presented by the sender has expired, and refuse a delivery of the email when the sender'"'"'s identification presented by the sender is not contained in the personalized access ticket presented by the sender or when the validity period has expired.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68)
- - 62. The secure communication service device of claim 61, wherein the computer software causes the computer hardware to register in advance a personalized access ticket containing an identification of a specific user from which a delivery of emails to a specific registrant is to be refused as a sender'"'"'s identification and an identification of the specific registrant as a recipient'"'"'s identification for the personalized access ticket registered in advance, at the secure communication service device, and refuse delivery of the email from the sender when the personalized access ticket presented by the sender is registered at the secure communication service device in advance.
  - 63. The secure communication service device of claim 62, wherein the computer software causes the computer hardware to delete the personalized access ticket registered at the secure communication service device upon request from the specific registrant who registered the personalized access ticket.
  - 64. The secure communication service device of claim 61, wherein the personalized access ticket also contains a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service device, and when the transfer control flag contained in the personalized access ticket indicates that the sender should be authenticated, the computer software causes the computer hardware to authenticate the sender'"'"'s identification presented by the sender and refuse a delivery of the email when an authentication of the sender'"'"'s identification presented by the sender fails.
  - 65. The secure communication service device of claim 64, wherein the computer software causes the computer hardware to realize the authentication of the sender'"'"'s identification presented by the sender by a challenge/response procedure between the sender and the secure communication service device.
  - 66. The secure communication service device of claim 61, wherein the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by anonymous identifications of the sender and the recipient, where an anonymous identification of each user contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by a certification authority, and the computer software also causes the computer hardware to probabilistically identify an identity of the sender by reconstructing the official identification of the sender by judging identity of a plurality of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.
  - 67. The secure communication service device of claim 61, wherein an anonymous identification of each user that contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by a certification authority and a link information of each anonymous identification by which each anonymous identification can be uniquely identified are defined, the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by a link information of the anonymous identification of the sender and a link information of the anonymous identification of the recipient, and the computer software also causes the computer hardware to probabilistically identify an identity of the sender by reconstructing the official identification of the sender by judging identity of a plurality of anonymous identifications of the sender corresponding to the link information contained in a plurality of personalized access tickets used by the sender.
  - 68. The secure communication service device of claim 61, wherein when the access right of the sender with respect to the recipient is verified according to the personalized access ticket, the computer software causes the computer hardware to take out the recipient'"'"'s identification from the personalized access ticket by using the sender'"'"'s identification presented by the sender, convert the email by using the taken out recipients identification into a format that can be interpreted by an email transfer function for actually carrying out email delivery processing, and give the email after conversion to the email transfer function by attaching the personalized access ticket.

69. A communication system realizing email access control, comprising:
- a certification authority device for defining an official identification of each user by which each user is uniquely identifiable by the certification authority device, and an anonymous identification of each user which contains at least one fragment of the official identification wherein the anonymous identification of each user contains the at least one fragment of the official identification of each user which is signed by the certification authority device using a secret key of the certification authority device;
  
  an access control device for controlling email accesses to a communication network on which each user is identified by the anonymous identification of each user in communications for emails on the communication network; and
  
  a secure communication service device for connecting communications between users on the communication network by receiving a personalized access ticket containing a sender'"'"'s anonymous identification and a recipient'"'"'s anonymous identification in correspondence, which is presented by a sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email, and controlling accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket.
- View Dependent Claims (70, 71, 72, 73, 74, 75)
- - 70. The system of claim 69, wherein the official identification of each user is a character string uniquely assigned to each user by the certification authority device and a public key of each user which are signed by a secret key of the certification authority device.
  - 71. The system of claim 69, wherein the secure communication service device probabilistically identifies an identity of the sender by reconstructing the official identification of the sender while judging identity of a plurality of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.
  - 72. The system of claim 69, wherein the certification authority device also defines a link information of each anonymous identification by which each anonymous identification can be uniquely identified, and each anonymous identification also contains the link information of each anonymous identification.
  - 73. The system of claim 72, wherein the link information of each anonymous identification is an identifier uniquely assigned to each anonymous identification by the certification authority device.
  - 74. The system of claim 72,wherein the personalized access ticket contains a link information of the sender'"'"'s anonymous identification and a link information of the recipient'"'"'s anonymous identification in correspondence.
  - 75. The system of claim 74, wherein the secure communication service device probabilistically identifies an identity of the sender by reconstructing the official identification of the sender while judging identity of a plurality of link informations of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.

76. A computer usable medium having computer readable program code means embodied therein for causing a computer to function as a secure communication service device for use in a communication system realizing email access control, the computer readable program code means includes:
- first computer readable program code means for causing said computer to receive a personalized access ticket containing a sender'"'"'s identification and a recipient'"'"'s identification in correspondence, which is presented by a sender who wishes to send an email to a recipient so as to specify the recipient as an intended destination of the email, the personalized access ticket further containing a validity period indicating a period for which the personalized access ticket is valid; and
  
  second computer readable program code means for causing said computer to control accesses between the sender and the recipient by verifying an access right of the sender with respect to the recipient according to the personalized access ticket, so as to connect communications between the sender and the receiver on the communication network;
  
  wherein the second computer readable program code means causes said computer to authenticate the personalized access ticket presented by the sender, check whether the validity period contained in the personalized access ticket presented by the sender has expired, and refuse delivery of the email when the personalized access ticket presented by the sender has been altered or when the validity period has expired.
- View Dependent Claims (77, 78, 79, 80, 81, 82, 83, 84, 85)
- - 77. The computer usable medium of claim 76, wherein the personalized access ticket is signed by a secret key of a secure processing device which issued the personalized access ticket, and the second computer readable program code means causes said computer to authenticate the personalized access ticket by verifying a signature of the secure processing device in the personalized access ticket using a public key of the secure processing device.
  - 78. The computer usable medium of claim 76, wherein the first computer readable program code means causes said computer to also receive the sender'"'"'s identification presented by the sender along with the personalized access ticket, and the second computer readable program code means causes said computer to check whether the sender'"'"'s identification presented by the sender is contained in the personalized access ticket presented by the sender and refuse a delivery of the email when the sender'"'"'s identification presented by the sender is not contained in the personalized access ticket presented by the sender.
  - 79. The computer usable medium of claim 76, wherein the second computer readable program code means causes said computer to register in advance a personalized access ticket containing an identification of a specific user from which a delivery of emails to a specific registrant is to be refused as the sender'"'"'s identification and an identification of the specific registrant as the recipient'"'"'s identification for the personalized access ticket registered in advance, at the secure communication service device, and refuse a delivery of the email from the sender when the personalized access ticket presented by the sender is registered at the secure communication service device in advance.
  - 80. The computer usable medium of claim 79, wherein the second computer readable program code means causes said computer to delete the personalized access ticket registered at the secure communication service device upon request from the specific registrant who registered the personalized access ticket.
  - 81. The computer usable medium of claim 76, wherein the personalized access ticket also contains a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service device, and when the transfer control flag contained in the personalized access ticket indicates that the sender should be authenticated, the second computer readable program code means causes said computer to authenticate the sender'"'"'s identification presented by the sender and refuse a delivery of the email when an authentication of the sender'"'"'s identification presented by the sender fails.
  - 82. The computer usable medium of claim 81, wherein the second computer readable program code means causes said computer to realize the authentication of the sender'"'"'s identification presented by the sender by a challenge/response procedure between the sender and the secure communication service device.
  - 83. The computer usable medium of claim 76, wherein the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by anonymous identifications of the sender and the recipient, where an anonymous identification of each user contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by a certification authority, and the second computer readable program code means also causes said computer to probabilistically identify an identity of the sender by reconstructing the official identification of the sender by judging identity of a plurality of anonymous identifications of the sender contained in a plurality of personalized access tickets used by the sender.
  - 84. The computer usable medium of claim 76, wherein an anonymous identification of each user that contains at least one fragment of an official identification of each user by which each user is uniquely identifiable by a certification authority and a link information of each anonymous identification by which each anonymous identification can be uniquely identified are defined, the sender'"'"'s identification and the recipient'"'"'s identification in the personalized access ticket are given by a link information of the anonymous identification of the sender and a link information of the anonymous identification of the recipient, and the second computer readable program code means also causes said computer to probabilistically identify an identity of the sender by reconstructing the official identification of the sender by judging identity of a plurality of anonymous identifications of the sender corresponding to the link information contained in a plurality of personalized access tickets used by the sender.
  - 85. The computer usable medium of claim 76, wherein when the access right of the sender with respect to the recipient is verified according to the personalized access ticket, the second computer readable program code means causes said computer to take out the recipient'"'"'s identification from the personalized access ticket by using the sender'"'"'s identification presented by the sender, convert the email by using the taken out recipient'"'"'s identification into a format that can be interpreted by an email transfer function for actually carrying out email delivery processing, and give the email after conversion to the email transfer function by attaching the personalized access ticket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nippon Telegraph and Telephone Corporation
Original Assignee
Nippon Telegraph and Telephone Corporation
Inventors
Ono, Satoshi, Hisada, Yusuke, Ichikawa, Haruhisa
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Jackson; Jenise E.

Application Number

US09/277,417
Time in Patent Office

2,902 Days
Field of Search

713200-202, 713/166, 713154-156, 713/180, 713/159, 713/158, 709223-229
US Class Current

726/2
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0421   Anonymous communication, i....

H04L 63/126   the source of the received ...

Email access control scheme for communication network using identification concealment mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

115 Citations

85 Claims

Specification

Solutions

Use Cases

Quick Links

Email access control scheme for communication network using identification concealment mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

85 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links