Secure electronic mail system with configurable cryptographic engine

US 7,822,820 B2
Filed: 06/30/2006
Issued: 10/26/2010
Est. Priority Date: 07/01/2005
Status: Active Grant

First Claim

Patent Images

1. A secure e-mail system, comprising:

a server system including;

a secure e-mail service configured to;

receive a request from a sender to subscribe to the e-mail service;

subscribe the sender to the e-mail service;

receive, at a time of composing of an original e-mail message by the sender, a permission request from a sender computing device associated with the sender, the permission request including a request for authorization to send the original e-mail message to a recipient using the secure e-mail service,authorize sending of the e-mail message by the sender via the secure e-mail service responsive to the permission request, based on the sender being subscribed to the secure e-mail service,receive the e-mail message in unencrypted form from the sender computing device via an HTTPS communications protocol,receive a request from a recipient computing device for the original e-mail message, andtransmit the original e-mail message to the recipient computing device using the secure e-mail service, in response to the request from the recipient computing device;

a centralized message repository for storing the e-mail message received from the sender computing device and for storing other e-mail messages associated with the original e-mail message, including a reply e-mail message addressed to the sender from the recipient;

a cryptographic engine that encrypts the e-mail message with a cryptographic method designated by an administrator of the secure e-mail service, prior to storage of the e-mail message at the centralized message repository, and decrypts the e-mail message at the server system prior to delivery to the recipient upon receiving a request for retrieval of the e-mail message from the recipient; and

an interface executable on a computing device that provides functionality for the administrator to add an executable cryptographic method to the cryptographic engine, and to designate a particular executable cryptographic method to be used to encrypt and/or decrypt e-mail messages that are received and sent using the secure e-mail service at the server system.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt emails messages for storage.

106 Citations

View as Search Results

15 Claims

1. A secure e-mail system, comprising:
- a server system including;
  
  a secure e-mail service configured to;
  
  receive a request from a sender to subscribe to the e-mail service;
  
  subscribe the sender to the e-mail service;
  
  receive, at a time of composing of an original e-mail message by the sender, a permission request from a sender computing device associated with the sender, the permission request including a request for authorization to send the original e-mail message to a recipient using the secure e-mail service,authorize sending of the e-mail message by the sender via the secure e-mail service responsive to the permission request, based on the sender being subscribed to the secure e-mail service,receive the e-mail message in unencrypted form from the sender computing device via an HTTPS communications protocol,receive a request from a recipient computing device for the original e-mail message, andtransmit the original e-mail message to the recipient computing device using the secure e-mail service, in response to the request from the recipient computing device;
  
  a centralized message repository for storing the e-mail message received from the sender computing device and for storing other e-mail messages associated with the original e-mail message, including a reply e-mail message addressed to the sender from the recipient;
  
  a cryptographic engine that encrypts the e-mail message with a cryptographic method designated by an administrator of the secure e-mail service, prior to storage of the e-mail message at the centralized message repository, and decrypts the e-mail message at the server system prior to delivery to the recipient upon receiving a request for retrieval of the e-mail message from the recipient; and
  
  an interface executable on a computing device that provides functionality for the administrator to add an executable cryptographic method to the cryptographic engine, and to designate a particular executable cryptographic method to be used to encrypt and/or decrypt e-mail messages that are received and sent using the secure e-mail service at the server system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The secure e-mail system of claim 1, wherein the system is configured to determine whether the executable cryptographic method supplied via the interface is digitally signed by a certification authority.
  - 3. The secure e-mail system of claim 1, wherein the interface provides functionality for the administrator to set up a plurality of secure e-mail services on the server system, and to designate different executable cryptographic methods for use with different ones of said secure e-mail services.
  - 4. The secure e-mail system of claim 3, further comprising an e-mail client component executable on the sender computing device that provides an option for the sender of the e-mail message to select from the plurality of secure e-mail services for sending the e-mail message.
  - 5. The secure e-mail system of claim 4, wherein the e-mail client component is an e-mail client plug-in that runs in conjunction with an e-mail client program.
  - 6. The secure e-mail system of claim 4, wherein the e-mail client component is, or is part of, a web-based e-mail interface.
  - 7. The secure e-mail system of claim 1, where the secure e-mail service is configured to, at the time of the recipient'"'"'s attempt to forward the e-mail message, check the permission request against a sender-created forwarding whitelist and/or a forwarding blacklist, before granting or denying permission to forward the e-mail message by the recipient to another user.

8. A secure e-mail system for transferring e-mail between a server system and a plurality of client computing devices, comprising:
- a cryptographic engine that includes a plurality of different executable cryptographic methods for encrypting an e-mail message prior to storage, and decrypting the e-mail message prior to delivery to a recipient of the e-mail message,wherein at least some of the cryptographic methods provide different levels of encryption than others;
  
  a centralized message repository on the server system for storing e-mail messages received from the plurality of client computing devices;
  
  a plurality of secure e-mail services that are executable on the server system and use the cryptographic engine to encrypt and decrypt e-mail messages, wherein each of the secure e-mail services is configured to use a particular one of the executable cryptographic methods, and at least some of the e-mail services are configured to use different executable cryptographic methods than others, so that different ones of said e-mail services provide different levels of security than others, and wherein a particular e-mail service is configured to receive a permission request from a sender computing device for authorization to send the e-mail message using the particular e-mail service, and wherein the particular e-mail service is configured to authorize sending of the e-mail message via the particular e-mail service based on the sender being subscribed to the particular e-mail service; and
  
  an e-mail client component, executable on at least one of the client computing devices, that provides functionality for a sender of an e-mail message to select from among the plurality of e-mail services for sending the e-mail message to the recipient, and for an administrator to add a new executable cryptographic method to the cryptographic engine;
  
  wherein the e-mail client component is configured to communicate with each e-mail service using a secure HTTPS communications protocol to send and receive e-mail messages between the e-mail client component and the server system, said e-mail messages being encrypted at the server system according to a selected cryptographic method by the cryptographic engine and stored in encrypted form on the centralized message repository.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The secure e-mail system of claim 8, wherein the e-mail client component is an e-mail client plug-in that runs in conjunction with an e-mail client program.
  - 10. The secure e-mail system of claim 8, wherein the e-mail client component is, or is part of, a web-based e-mail interface.
  - 11. The secure e-mail system of claim 8, further comprising an interface that provides functionality for the administrator to add the new executable cryptographic method to the cryptographic engine.
  - 12. The secure e-mail system of claim 11, wherein the interface inhibits the addition of executable cryptographic methods that are not digitally signed by a certification authority.
  - 13. The secure e-mail system of claim 11, wherein the interface additionally provides functionality for the administrator to designate particular executable cryptographic methods to be used with particular ones of said e-mail services.
  - 14. The secure e-mail system of claim 8, wherein the server system comprises multiple physical servers.
  - 15. The secure e-mail system of claim 8, wherein the e-mail client component and plurality of e-mail services are configured to transfer the e-mail messages between senders and recipients without use of a store-and-forward model.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Appriver Canada, ULC (Open Text Corporation)
Original Assignee
0733660 Bc Ltd.
Inventors
Astudillo, Esteban, McLean, Matt, Chen, Kung Ming, LeVasseur, Thierry, Rasmussen, Jeremy, Houg, Derek
Primary Examiner(s)
Dinh; Khanh Q
Assistant Examiner(s)
Tran; Nghi V

Application Number

US11/427,943
Publication Number

US 20070113101A1
Time in Patent Office

1,579 Days
Field of Search

709/204, 709/205, 709/206
US Class Current

709/206
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06Q 10/107   Computer-aided management o...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/68   Special signature format, e...

H04L 2209/80   Wireless network architectu...

H04L 51/00   User-to-user messaging in p...

H04L 51/02   using automatic reactions o...

H04L 51/18   Commands or executable codes

H04L 51/212   using filtering or selectiv...

H04L 51/214   using selective forwarding

H04L 51/234   for tracking messages

H04L 51/42   Mailbox-related aspects, e....

H04L 51/56   Unified messaging, e.g. int...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/145 : the attack involving the pr...

H04L 63/168 : above the transport layer

H04L 63/306 : intercepting packet switche...

H04L 67/02 : based on web technology, e....

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3247 : involving digital signatures

H04L 9/3263 : involving certificates, e.g...

View All

Secure electronic mail system with configurable cryptographic engine

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Secure electronic mail system with configurable cryptographic engine

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links