GB2420061A - Secure email communication using a central server - Google Patents


Info

Publication number
GB2420061A
Authority
GB
United Kingdom
Prior art keywords
user
message
computer
secure
email
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0424496A
Other versions
GB0424496D0 (en)
Inventor
Brian K Raven
Christopher John Halford
Roger William Andrew
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SAFE POST PLC
Original Assignee
SAFE POST PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SAFE POST PLC
Priority to GB0424496A
Publication of GB0424496D0
Publication of GB2420061A
Legal status: Withdrawn

Classifications

All under H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication:

    • H04L63/0428 Network security: providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L51/234 User-to-user messaging in packet-switching networks (store-and-forward or real-time, e.g. e-mail): monitoring or handling of messages for tracking messages
    • H04L63/0823 Network security: authentication of entities using certificates
    • H04L63/166 Network security: implementing security features at the transport layer
    • H04L9/3226 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Abstract

Creating a secure data connection between a first computer, associated with a first user, and a central server, encrypting the message using a first digital certificate stored on the first computer and transmitting the encrypted message to the central server and associated post-box for storage in a data area associated with a second user, whereby the second user is able to access the central server via a secure data connection from a second computer, to download the message from the data area. Before a user is able to send or receive a first message, he must verify his identity by registering with the server via an email sent to his unique email address. The email includes a hyperlink which leads to a data input form.

Description

IMPROVEMENTS IN AND RELATING TO DATA COMMUNICATION
The present invention relates to a method and apparatus provided for secure and confidential communication of messages and data files between users of a data transfer system.
Prior art systems of electronic communication, such as regular email, although providing quick and easy means of exchanging messages between given users, suffer from a number of drawbacks, which can be significant in situations where secure and reliable message exchange is required or desirable.
In a standard email system, emails pass through at least two intermediaries (ISPs) in addition to the mail servers of both sender and receiver, affording many people the opportunity to read and copy email without detection. A first user may transmit an email message to a second user, with no verification that either user is who they claim to be, or that indeed the message has left the mail system of the first user or arrived in the mail system of the second user. Additionally, there are no inherent checks in standard email systems to ensure that the message is not intercepted, copied, altered or otherwise interfered with in transit between said first and second users.
In situations where data security and authentication of users are important, for example in financial transactions, business transactions, or secure communications involving military or intelligence information, the inherent drawbacks of regular prior art email systems may lead to data vulnerability, making the use of such insecure systems untenable or, at the very least, usable only with extreme caution.
Certain steps have been taken to remedy these problems with prior art systems, but there would appear to be no single solution which addresses all of these concerns and delivers a system that prevents, or at least hinders any third party eavesdropping and allows full traceability of exchanged messages, authentication of registered users, and a full audit trail of all message transactions.
Existing prior art email systems are now commonplace and provide cheap, convenient and accessible means of communicating electronically. Messages may easily be formatted to include an attached computer file, such as a document, an image file or executable program code. The underlying technology, however, is prone to unreliability, since it is never certain that a given message has been transmitted or received correctly. The technology was never intended to offer a complete secure transmission path and, due to the open and anonymous nature of internet communications, emails transmitted this way are prone to interception by third parties and can provide a means by which junk mail (spam) or even dangerous computer viruses may be circulated anonymously.
Additionally, there is no standard and reliable way of providing an audit trail of individual email transactions.
This stems from the fact that it is often difficult, if not impossible, to determine whether an email has successfully left the originating system, let alone arrived at the destination system and been opened by the intended recipient.
The use of prior art email systems to transmit critical, secret or sensitive information poses significant risks to the security of said information, particularly whilst in transit from a first to a second computer network. Since neither the sender nor the recipient generally has sole access to the data transmission circuits which actually carry the message, it is possible that a third party may intercept a message, thereby compromising its security. It is also possible that a message may be lost or delivered to the wrong person.
Prior to the widespread usage of email systems, sensitive documents were generally sent by recorded delivery or by courier service so that some form of trace could be kept of their whereabouts and some form of protection employed to keep contents confidential e.g. protective seal on envelopes. However, widespread usage of email has led to a certain degree of complacency and most users are content to overlook the very real possibility that their messages may be intercepted, interfered with or may even fail to reach their destination.
Currently, many emails are transmitted which include sensitive information such as business strategy, professional advice and opinions, personnel data or confidential, business critical information. This is routinely distributed via email systems which are inherently unreliable, insecure, susceptible to impersonation, and the users either do not know of, or choose to ignore, these potential problems.
As mentioned, there is no guarantee that any given email message will be transmitted or received correctly. There is no guarantee that the person sending the message is who they claim to be, and there is no audit trail by which to trace the provenance of a given email.
Prior art email systems are available which provide a certain degree of encryption of messages and facilitate secure access to an individual mail box in order to prevent eavesdropping, but these systems fail to address many of the other problems inherent with prior art email systems, whether referred to above or not.
There are certain prior art intranet or extranet systems available which offer secure means for sharing files and/or transferring messages and documents between parties, but these are generally only available for a specific defined organisation or community, and not accessible to any potential users outside that community.
Indeed, none of the existing prior art message exchange systems provide an open, global, two-way system for confidential transfer of messages and/or files from a first trusted individual to another.
It is an aim of embodiments of the present invention to address problems with the prior art systems, whether explicitly referred to above or not.
According to the present invention there is provided a method as set forth in the appended claims. Preferred features of the invention will be apparent from the dependent claims, and the description which follows.
Embodiments of the present invention provide a secure electronic delivery and collection system adapted to the exchange of confidential or other secure information between two or more trusted parties, and a related method of controlling access to, and use of, the system by any registered party. Furthermore, a full audit trail is maintained, which records all transactions between all parties.
In overview, an embodiment of the present invention provides a remote secure web server hosting individual private post boxes or data areas associated with a user, accessible only by a particular user (namely the owner of said post box). Each post box can be further sub-divided into several different areas specific to certain functions. For example, each post box may contain an "in tray" and "out tray", message tracking areas including historical in and out data, a contacts area for storing information regarding other users, and an administration section, provided primarily to manage billing information, security information and personal settings associated with the individual post box.
The system can further include an additional remote secure database server provided for handling account and payment administration. This database server will not in itself permit access to individual post boxes which are housed on the remote secure web server previously mentioned.
Further computer apparatus for accessing the remote secure web server is provided by individual users. In principle, any internet connected computer may be used to access the secure system, provided that certain security checks are satisfied. Ordinarily, a particular user is likely to use only a single computer to access his secure post box, and certain authentication documents, including digital certificates, used to verify a user's identity in conjunction with other information, can be installed in a secure fashion on the user's personal computer.
Communication between the individual post box owner's computer apparatus and remote web server, to provide access to the post box, is performed via an authenticated communications link to which a suitable level of security has been applied. A typical level of security includes 128 bit SSL encryption, employing digital certificates and public/private key encryption.
When a user of the secure system wishes to transmit a message to another user, the message is effectively deposited online by the first user directly into the post box of the second user (preferably into their "in tray"), from where it may be collected subsequently by the second user. In this way, the secure message bypasses regular email systems and is transmitted only from the first user's computer to the remote secure server via a secure authenticated data link. In this way, eavesdropping or interception of messages may be substantially avoided and both transmission and delivery of messages occur almost instantaneously.
The identity of the first user (sender) is automatically authenticated by the secure message server, which prevents impersonation of other users and anonymous posting, both of which are problems frequently encountered with prior art email systems. Furthermore, the identity of the second user (recipient) of a message transmitted by this means is also automatically authenticated prior to the message being collected, ensuring that delivery to the named addressee is guaranteed.
In order to ensure a full audit trail of all messages transmitted and received, every transaction performed via the system, including details such as date and time of delivery and collection, is recorded automatically and may be stored in the transaction history area of a particular user's post box.
Since transmitted messages are deposited directly into the post box of the recipient, it is possible for any messages sent in error to be recalled up to the point that said message is collected by the intended recipient. Such recall systems have been attempted in prior art email systems but since the transmitted message must necessarily leave the mail server system of the sender, there is no guarantee that any message recall will be successful.
In embodiments of the present system, message recall is guaranteed provided that the intended recipient has not yet opened the message.
Since each user (sender/recipient) is authenticated, it is possible to exclude any user from sending anything further if it has been found that they are responsible for sending anything unsolicited or undesirable. This goes beyond what is possible with so-called junk mail filters implemented in certain prior art email systems.
Although embodiments of the present invention operate within a closed secure system, a secure message may be sent to anyone anywhere who has an email address. The act of creating a new contact for receipt of a message automatically creates a new post box for that person into which a secure message may be deposited. The system is then operable to send the addressee an email which includes a hyperlink to a secure registration area whereby the recipient may register and collect their secure message. In one embodiment of the present invention the sender pays for transmission of the message and the recipient is able to retrieve any messages free of charge. Of course, any suitable charging scheme may be implemented.
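The deposit, collect, recall-until-collected and sender-exclusion rules described above, with the audit entries that each step writes into the "history" areas, as an added example. This is not the patent's or Safe-Post's code: the class and method names, the in-memory store, the example addresses and the message bodies are all assumptions, and message bodies are treated as opaque bytes (the transport encryption described on the page sits outside this model).

```python
"""Model of the post-box server's deposit / collect / recall / audit logic.

Added example, not code from the patent or from Safe-Post: all names are
assumptions.  Message bodies are handled as opaque bytes (the transport
encryption described on the page is outside this model).
"""
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Set


@dataclass
class Message:
    msg_id: str
    sender: str                       # authenticated owner of the sending post box
    recipient: str
    body: bytes
    deposited_at: datetime
    collected_at: Optional[datetime] = None
    recalled_at: Optional[datetime] = None


class PostBoxServer:
    def __init__(self, clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self.clock = clock
        self.in_tray: Dict[str, Dict[str, Message]] = {}   # recipient -> msg_id -> Message
        self.history: Dict[str, List[dict]] = {}           # user -> audit trail (history-in / history-out)
        self.blocked: Set[str] = set()                     # users excluded from sending

    def _audit(self, user: str, event: str, msg_id: str) -> None:
        # Every transaction is time-stamped and recorded in the user's history area.
        self.history.setdefault(user, []).append({"at": self.clock(), "event": event, "msg": msg_id})

    def deposit(self, sender: str, recipient: str, body: bytes) -> str:
        """Sender (already authenticated) drops a message straight into the recipient's in tray."""
        if sender in self.blocked:
            raise PermissionError(f"{sender} has been excluded from sending")
        msg_id = secrets.token_hex(8)
        self.in_tray.setdefault(recipient, {})[msg_id] = Message(msg_id, sender, recipient, body, self.clock())
        self._audit(sender, "deposited", msg_id)
        self._audit(recipient, "received", msg_id)
        return msg_id

    def collect(self, recipient: str, msg_id: str) -> bytes:
        """Recipient (already authenticated) opens a message; collection time is recorded for both sides."""
        msg = self.in_tray.get(recipient, {}).get(msg_id)
        if msg is None or msg.recalled_at is not None:
            raise KeyError("no such message in this in tray")
        if msg.collected_at is None:
            msg.collected_at = self.clock()
            self._audit(recipient, "collected", msg_id)
            self._audit(msg.sender, "collected-by-recipient", msg_id)
        return msg.body

    def recall(self, sender: str, msg_id: str) -> bool:
        """Recall is guaranteed only while the message is still uncollected; returns False otherwise."""
        for tray in self.in_tray.values():
            msg = tray.get(msg_id)
            if msg is None or msg.sender != sender:
                continue
            if msg.collected_at is not None or msg.recalled_at is not None:
                return False
            msg.recalled_at = self.clock()
            self._audit(sender, "recalled", msg_id)
            self._audit(msg.recipient, "recalled-by-sender", msg_id)
            return True
        return False

    def block_sender(self, user: str) -> None:
        """Exclude an authenticated user who has been found to send unsolicited material."""
        self.blocked.add(user)

    def events(self, user: str) -> List[str]:
        return [e["event"] for e in self.history.get(user, [])]


def demo() -> dict:
    """Constructed walk-through: two deposits, one collected, recall attempted on both."""
    srv = PostBoxServer()
    first = srv.deposit("alice@example.com", "bob@example.com", b"contract v2")
    second = srv.deposit("alice@example.com", "bob@example.com", b"sent in error")
    srv.collect("bob@example.com", first)
    return {
        "recall_after_collection": srv.recall("alice@example.com", first),    # False
        "recall_before_collection": srv.recall("alice@example.com", second),  # True
        "bob_history": srv.events("bob@example.com"),
    }
```

Both sides of every transaction get an entry, which is what makes the page's "full audit trail" claim checkable: the sender's history-out shows when the recipient collected, and the recipient's history-in shows a recall even though the message itself is no longer retrievable.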
For a better understanding of the invention, and to show how embodiments of the same may be carried into effect, reference will now be made, by way of example, to the accompanying diagrammatic drawings in which: Figure 1 shows a schematic of a system according to an embodiment of the present invention.
[Note: Figure 1 corresponds to the schematic included in your description of the invention. Please can you provide an electronic copy of it.]
In embodiments of the present invention, every user of the system is provided with a data area on a data storage device (such as a hard disc drive) called a post box, which is unique to them and physically located on a secure single server network that can only be opened by a unique combination of elements.
These elements include an industry-standard digital web certificate, stored within the operating system of the user's own personal computer, which allows the user to gain secure access to the secure system's website over a 128 bit SSL-encrypted session, and a personal digital certificate linked to their unique post box, which is also stored within their operating system. This personal digital certificate, when presented together with a password known only to the individual user and the secure system, allows the user to access their post box. This level of security facilitates a secure and confidential data channel between information senders and recipients, whereby a given user may post messages and/or computer files into the in-tray of any other post box on the system, and whereby only the owner of that other post box is able to open and retrieve said messages, by presenting their digital certificates and user authentication to the secure system.
Embodiments of the present invention use secure certificates in two ways. Firstly, a digital web certificate is used to set up secure access to the site via SSL (Secure Socket Layer, "https"). The certificate is delivered to the user by the certificate authority (CA) during a secure session using a one time session key. This session can only be triggered by selecting the personalised hyperlink provided in the registration email sent to the user's unique email address. This is the same security protocol used by any web site performing secure (e-commerce) transactions and collecting confidential and sensitive data such as credit card details; the certificates conform to the industry standard X.509 format. The system utilises certificates signed by known, authorised certificate authorities (CAs), and these certificates carry the public keys used to create secure links to the Safe-Post website.
Secondly, personal certificates (also known as Digital IDs) are used to authenticate the identity of each user seeking access to a post box. These certificates contain the unique safe-box identification number and certain security details associated with the owner of that safe-box. The certificate is delivered to the user by the certificate authority (CA) during the same secure session described above. The site server generates and self-signs personal certificates for each registered user, which are paired with the digital web certificate and the safe-box number allocated by the Safe-Post system which, in these circumstances, is the certificate authority. These certificates are downloaded to the user's personal computer and the browser automatically presents the certificate for verification in lieu of login authentication when the user connects to the site. The user then also has to input the unique password known only to them and the Safe-Post system to gain access to their post box. These personal certificates, together with the private keys paired with them and held on the user's computer, constitute the private half of the scheme.
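How the two-certificate arrangement is expressed on the server side, as an added example that is not Safe-Post's code: Python's standard ssl module is configured to present the site's web certificate and to require a client certificate issued by the site's own CA during the handshake, so possession of the private key paired with the personal certificate is proved before any password is asked for. After the handshake the application reads the post box number out of the presented certificate. The file paths, the function names and the choice of the subject serialNumber attribute to carry the box number are assumptions. The page's "128 bit SSL" describes the session cipher strength of the time; the control a practitioner sets now is a minimum protocol version, which is what the context below fixes.

```python
"""Server-side TLS policy for the two-certificate scheme (added example, not Safe-Post code).

The web certificate is what the server presents; the personal certificate is what the
server requires from the client, so the handshake itself proves possession of the
private key paired with the personal certificate before any password is requested.
File paths are assumptions; with no paths given the context is built but loads nothing.
"""
import ssl
from typing import Optional


def build_mutual_tls_context(server_cert: Optional[str] = None, server_key: Optional[str] = None,
                             personal_ca: Optional[str] = None) -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # SSL 3.0 and TLS 1.0/1.1 are refused outright
    ctx.verify_mode = ssl.CERT_REQUIRED               # no client certificate, no session: the first of the two checks
    if server_cert and server_key:
        ctx.load_cert_chain(server_cert, server_key)  # the CA-signed web certificate and its private key
    if personal_ca:
        ctx.load_verify_locations(cafile=personal_ca)  # accept only personal certificates the site itself signed
    return ctx


def policy_summary(ctx: ssl.SSLContext) -> dict:
    return {"minimum_version": ctx.minimum_version.name,
            "client_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED}


def box_number_from_peer_cert(peer_cert: dict) -> Optional[str]:
    """Read the post box number the site's CA placed in the personal certificate's subject.
    Assumption: it is carried in the serialNumber attribute.  The dict shape is the one
    ssl.SSLSocket.getpeercert() returns: a tuple of RDNs, each a tuple of (type, value) pairs."""
    for rdn in peer_cert.get("subject", ()):
        for attr_type, value in rdn:
            if attr_type == "serialNumber":
                return value
    return None
```

With verify_mode set to CERT_REQUIRED the server never sees an application request from a client that lacks a personal certificate; the password step on the page is then the second factor, applied to a box the certificate has already named.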
Embodiments of the present invention make use of the internet, or any other generally available data network, to provide worldwide coverage. However, access is provided in a completely different way to that offered by regular prior art email systems. When a message is sent via a secure server according to an embodiment of the present invention, a user is accessing, via a secure data link, a remote secure server which provides no means for eavesdropping or interception. As soon as a message is uploaded to another user's post box, it is immediately available for collection by the addressee. These two secure steps replace the unpredictable and uncontrollable number of legs on the journey undertaken by a regular prior art email sent via both the sender's and the addressee's ISP (Internet Service Provider) and various web and email servers.
Since a message sent according to an embodiment of the present invention departs directly from the desktop of a first user to a secure server, then directly to the desktop of a second user, no outside third party has an opportunity to intercept or read a message. Even if a third party were to intercept a message en route from a user's computer to the remote secure server or vice versa, the message itself is protected by a minimum of 128 bit SSL encryption and is therefore, in effect, unreadable.
In this instance, even individuals connected to the same intranet or internal system as a given user will have no access to a message sent via this means, as the communication takes place from an individual user's own computer directly with the remote server and any message is encrypted at all times whilst in transit.
A message sent according to an embodiment of the present invention can be sent to anyone, located anywhere, whether they are registered with the secure system or not. When a first user creates a new contact in their personal address book, the secure system automatically creates a new post box for that newly created user. Once a message is deposited in the new user's post box, the system automatically advises the new user by a standard email that a confidential document has been despatched to them by the named user and is available for collection from the secure system.
The new user then has to register their individual post box with the secure system by completing an authentication process and downloading two digital certificates to the operating system on their personal computer. The authentication process includes the new user having to connect to the secure system via the link contained in the notification email originally sent to them. In this way, an individual user can identify themselves to the secure system by the email address at which they first received a notification of a secure message waiting for them.
According to an embodiment of the present invention, each post box contains an "in tray", "out tray", "history-in", "history-out", as well as "contacts" and "my admin". The "in tray" and "out tray" areas of the post box hold received and transmitted messages respectively. The "history-in" and "history-out" sections include historical information providing an audit trail for all messages received and sent respectively. The "contacts" section provides the user with a customisable list of other post box owners to which he has sent, or is likely to send, secure messages. The "my admin" section primarily includes information regarding billing, security information and individual personal settings, enabling a user to customise his use of the system.
In order to create a post box for an individual, it is necessary to visit an assigned web-site and provide certain items of security information. Typical information required in order to open a post box with the secure system includes an individual's name, email address (which provides a unique global identifier for each individual registered with the system) and, optionally, details of an organisation with which the new user is associated. Upon creation of a post box for a new individual user, the post box is assigned an individual unique number enabling it to be uniquely identified.
The information provided is used by the system to validate the identity of the respective user. This is done by sending them an automated email message at the email address they provide, which includes a link (URL) to a personalised registration page at a web-site associated with the secure system which can only be accessed via the email. This process serves to validate the email address provided by the new user.
Upon selecting the link included in the email from the remote server, the new user is directed to their unique personalised registration page for completion of the registration process. The email address provided by the user at this stage to register the new post box will automatically become the post box owner's primary email address for communications with the remote server. Upon completion of the registration process, post box owners may add further email addresses if desired. Each additional email address provided in this way is verified in the same way as the primary email address to ensure accuracy of these secondary addresses. If the user desires, he may elect to use any of the additional email addresses as a primary address in the future by adjusting his personal settings accordingly. In this way a user can use a single post box to communicate securely with various discrete groups of people, where previously he required different email accounts to achieve the same flexibility, but with little or no security.
Having selected the link included in the email from the remote server and been taken to their unique personalised registration page, the new user is asked to provide certain items of information which are used to verify their identity and maintain the security of the site.
These details may take the form of certain security questions. The questions may include any question the answer to which is likely to be known only by the individual concerned, or would otherwise be difficult to guess. Typical questions include first name, last name, date of birth, mother's maiden name, father's first name or other personal information. The registration process also includes the creation of a password. The password should be suitably lengthy to avoid easy cracking by a brute force method, and is typically between 6 and 12 characters long, should include both alphabetic and numeric characters and preferably non-alphanumeric characters (such as !, #, ?, &) also. To ensure that it has been entered correctly, the user should be prompted for the new password more than once.
Only after successful completion of the registration process is the unique post box made available to the user and its number revealed, and the user is then requested to download the digital certificates associated with their post box to be stored on their own personal computer.
Downloading the digital certificates from the remote server automatically stores them in the appropriate folder on the user's personal computer which is used by the computer's operating system to hold digital certificates used by certain applications. This location is likely to be determined automatically by the computer's operating system, but the user may be prompted if necessary. On each future attempt to access the user's post box, the browser presents the downloaded digital certificates from that folder to the remote server, which checks them and matches them against the site and post box being accessed. If the certificate details do not match, access is denied.
Upon successful completion of the registration process and downloading of the digital certificates, the post box is rendered secure and allows the secure transmission and reception of documents and/or other data files.
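The registration procedure just described, from the box being created when a contact is added, through the notification email carrying a personalised link, to the password check and the box number being revealed only at the end, as an added example. It also generates the random three-letter, five-digit box number the page describes later. This is not Safe-Post code: the URL, the 24-hour lifetime of the link, the storage of the password as a salted PBKDF2 hash, the in-memory outbox and the example addresses are assumptions.

```python
"""Registration by personalised e-mail link (added example, not Safe-Post code).

All names are assumptions; the e-mail is only appended to an in-memory outbox.
"""
import hashlib
import secrets
import string
import time
from typing import Callable, Dict, List, Optional, Tuple

LINK_LIFETIME_SECONDS = 24 * 60 * 60      # assumption: the page does not state an expiry


def new_box_number(existing) -> str:
    """Three random letters plus five random digits: 26**3 * 10**5 = 1,757,600,000 values."""
    while True:
        number = ("".join(secrets.choice(string.ascii_uppercase) for _ in range(3))
                  + "".join(secrets.choice(string.digits) for _ in range(5)))
        if number not in existing:          # retry on the (rare) collision
            return number


def password_acceptable(pw: str) -> Tuple[bool, str]:
    """The page's rule: 6-12 characters, letters and digits, preferably a symbol as well."""
    if not 6 <= len(pw) <= 12:
        return False, "password must be 6 to 12 characters"
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        return False, "password must contain both letters and digits"
    if not any(not c.isalnum() for c in pw):
        return True, "accepted; a non-alphanumeric character is recommended"
    return True, "accepted"


class Registrar:
    def __init__(self, base_url: str = "https://safepost.example/register",
                 clock: Callable[[], float] = time.time):
        self.base_url, self.clock = base_url, clock
        self.boxes: Dict[str, dict] = {}          # box number -> record
        self.by_email: Dict[str, str] = {}        # primary e-mail -> box number (the page's main index)
        self.pending: Dict[str, dict] = {}        # link token -> {email, box, expires}
        self.outbox: List[dict] = []              # e-mails the system would send

    def create_box_for(self, email: str, invited_by: str) -> str:
        """Adding a contact creates the box and e-mails a personalised, single-use link."""
        if email in self.by_email:
            return self.by_email[email]
        box = new_box_number(self.boxes)
        self.boxes[box] = {"email": email, "registered": False}
        self.by_email[email] = box
        token = secrets.token_urlsafe(32)                # unguessable: the link is the only way in
        self.pending[token] = {"email": email, "box": box, "expires": self.clock() + LINK_LIFETIME_SECONDS}
        self.outbox.append({"to": email, "body": f"{invited_by} has sent you a confidential document. "
                                                   f"Register and collect it at {self.base_url}?t={token}"})
        return box

    def open_link(self, token: str) -> Optional[str]:
        """Following the link proves control of the e-mail address; expired or unknown tokens get nothing."""
        entry = self.pending.get(token)
        if entry is None or entry["expires"] < self.clock():
            return None
        return entry["box"]

    def complete(self, token: str, password: str, password_again: str) -> str:
        """Finish registration: link still valid, password typed twice and within policy.
        Only now is the box number revealed to the user."""
        box = self.open_link(token)
        if box is None:
            raise PermissionError("invalid or expired registration link")
        if password != password_again:
            raise ValueError("passwords do not match")
        ok, reason = password_acceptable(password)
        if not ok:
            raise ValueError(reason)
        salt = secrets.token_bytes(16)
        self.boxes[box].update(registered=True, salt=salt,
                               pw_hash=hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
        del self.pending[token]                          # single use: the link cannot be replayed
        return box
```

The token is what makes the page's claim that the registration page "can only be accessed via the email" hold: it is 256 bits from the system CSPRNG, bound to one box, expires, and is deleted on first successful use, so a second click on the same link is refused.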
In order to access their secure post box, a user may log on to a web-site associated with the remote server, or select an icon which has been previously downloaded to their computer's desktop during the authentication process. In either event, the secure remote system checks whether the user's browser presents the previously downloaded digital certificates.
If they are presented successfully, the remote secure system matches the downloaded digital certificates to the associated post box without revealing this information to the individual.
The remote system then asks for the user's password, associated with the post box and one of the digital certificates.
If provided correctly, the user is granted access, having successfully proved to the remote server that they are indeed working from the computer from which the post box was registered and have provided the correct password, linked to their personal digital certificate and post box and known only to the owner of the post box and the secure system.
These two steps, combined, ensure that the remote server is able to verify the identity of both the computer and the individual, ensuring secure access to the post box.
If the password which is entered by the user is incorrect, the user is denied access to the post box, as he is unable to demonstrate his right to access it. If the user has forgotten the password, it is necessary to go through a further security checking procedure whereby the user must answer a number of their previously selected security questions, completed at authentication, to display their password on screen and to return them to the remote login screen. Once access has been provided, the user is directed to their "in tray" where any secure messages that have been sent to them are listed and may be selected for collection.
In order to provide universal global access to the secure messaging system, it is possible to access the secure remote server from any computer, even if it does not have the downloaded digital certificates. This procedure will be described in more detail later.
Embodiments of the present invention comprise tried and tested standard security procedures to ensure high levels of security are employed in verifying users of the system and subsequently in authenticating those users. Each post box, which is created as described previously, is allocated a unique, randomly generated, serial number consisting of three letters and five numbers. This provides approximately a billion unique identifiers for individual post boxes.
The system, however, primarily uses a person's email address as the unique identifier by which they may be indexed and identified. As described previously, as part of the registration process, the secure server sends an email containing a link to a registration page to the email address which is provided by a new registrant. By following the link, the new user is directed to a unique registration page created for their individual post box, which allows that post box to be uniquely identified with the given email address.
After registration, a user's email address is no longer required for authentication purposes or access to the system and is only used by the remote server to communicate with the user on non-confidential matters, for instance to inform them that a secure message is waiting for collection on the remote server.
After successfully logging in, a user may amend any of the previously entered security information at any time. A user may also add additional email addresses to be associated with their post box. This may prove useful to a user who has more than one email address, e.g. for business and private use, but who would prefer to use only one post box.
Additionally, a user who regularly accesses his secure post box from a second computer may choose to download secondary digital certificates to that computer allowing more simple and speedy access from that second computer. However, any attempt to access a particular post box from more than one computer at a time will fail. In such an instance, the system will block access to the second or subsequent computer which tries to access an already accessed post box. A log is kept of any such attempts and the user may be informed of this via his primary email address. Any such message sent to the user may further require him to connect to his secure post box to re-confirm or alter his security settings, as appropriate.
Under a preferred billing arrangement, according to embodiments of the present invention, only the sender of the secure message is required to pay fees to the provider of the secure messaging service. In this way, a secure message may be transmitted to any person, even if they do not already have an account set up with the service provider.
In order to send a secure message, therefore, a user must have set up a secure post box as described previously, but must also have provided valid payment details (e.g. credit card or bank details) and must have paid a post box activation fee. By paying said fee, the status of the user is amended to enable them to send as well as receive secure messages. The payment details which are provided as part of this activation process are held on an independent secure database server and are never displayed on the server that houses the secure messages or web application software. Following payment of the activation fee, all further charges may be accumulated and billed on a periodic (e.g. monthly) basis using the payment details provided.
When a user has compiled a message for transmission via the secure system, the sent message simultaneously registers in their "out tray", their "history out" as well as in the recipient's "in tray". The delivery by means of the secure message transfer system is quicker than regular email (in fact, almost instantaneous), is more certain to arrive and eliminates any risk of eavesdropping or interception, as the secure message does not leave the secure message transfer system and ideally remains on the same physical server at all times until received and downloaded by the recipient.
As soon as the recipient collects the secure message, the details are immediately transferred to their "history in" and the time and date of collection is logged in this folder. Simultaneously, a record is made in the sender's "out tray" and their "history out".
If the recipient opens the message, but does not perhaps download and save a copy of any attachment included with it, he has the option of re-visiting the message and re-downloading the attachment to make a permanent copy within a pre-determined time limit, e.g. 48 hours. In this way, if the message is accessed from an infrequently used machine, or is accidentally deleted, it is still available for a certain time, allowing the recipient to access the message and store/print/otherwise process it.
Once a message has been sent, it remains in the sender's "out tray" and the receiver's "in tray" until collected.
However, after a predetermined time (e.g. 48 hours), if a secure message remains uncollected, a collection reminder is emailed to the receiver and the sender is notified by secure message that said message remains uncollected. If after a further predefined period (e.g. seven days), the secure message remains uncollected, a further collection reminder is emailed to the receiver warning them that failure to collect the secure message within some further period (e.g. thirty days of sending) will result in the secure message being deleted from their "in tray". The sender is also notified at this time by secure message that said message remains uncollected and that failure by the receiver to collect it within the further deadline will result in the secure message being deleted from the secure server. If after the further period (e.g. thirty days from sending), a secure message remains uncollected, it is removed from both the receiver's "in tray" and the sender's "out tray". The receiver is advised of this by email and the sender is advised by secure message.
A user is able to keep track of past and possible future recipients of secure messages from himself via the "contact" folder or list which forms an integral part of his individual post box. In order to add a new contact, the user is able to select an appropriate menu option when logged into his post box which will take him to the contacts area of the post box. From there, he is able to select "add contact". The user will then be asked to supply the email address of the new contact. The secure server then scans the database for an already registered person having that email address. If the system finds a match, it merely copies the person's individual post box number and other details, as needed, to the user's contact list. In this way, if a user wishes to send a secure message to another party which has already registered with the secure server, then the user is able to do that without any further processing required, since the intended recipient has already authenticated themselves with the secure system.
If, however, the system does not find a match for that email address, it further prompts the user for the individual's first and last name, which is used for validating a new user's identity when the new user attempts registration. Additionally, the name of the individual's organisation may be prompted for also.
Provision of the details by the user triggers the process for creating a new post box described previously and also adds details of the newly created post box to the user's contacts book or list. The user can then send a secure message to his new contact in advance of them registering their post box. In this way, after completing the registration process the new user is able to instantly retrieve his secure message.
In order to make the contacts list more user friendly, a user is able to edit the way that a particular contact's name is displayed by providing one or more contacts with a "nickname" or "alias". This, in itself, does not affect the way that the secure system identifies the individual, but allows the user to more readily identify contacts in his list, particularly if more than one contact has the same first and last name.
In order to send a secure message, a user must first select the addressee from his contact list. The contact list can be arranged to display a list of all possible contacts in a sorted order. To send the message, the user simply selects one or more contacts to whom they wish to send a secure message. It is also possible to select contacts to receive a carbon copy (cc) or a blind carbon copy (bcc) of the message. Once one or more contacts have been selected, the user is able to select a send option which produces a new document window where electronic files may be attached and a message composed.
Upon completion of this new document window, when the user clicks a further send option, the message and any attachments are uploaded to the secure server and deposited into the recipients' post boxes as described previously. The remote server then displays a confirmation message to the user, which includes a transaction number, and also stores details of the transmitted message as described previously. Upon closing the message window, the user is returned to their "out tray" where details of all sent secure messages may be seen. Provided in this view is a separate transaction reference and entry for individual tracking (and charging information) for every person to whom a secure message is sent or copied. This view also includes details of whether a transmitted message has in fact been collected by the recipient.
As mentioned previously, a user can recall a secure message, which has been sent in error, at any time until the addressee collects it from the server. It is possible to tell from the "out tray" whether a particular message has been collected or not. If the message has not been collected, a "recall" option appears alongside the transaction record for that message. Selecting this recall option removes the secure message from the addressee's "in tray" and the sender's "out tray". The transaction record remains in the history folders and, because the addressee had previously been notified by email that they had a secure message awaiting collection, they will be further notified that the sender has recalled the message and that it is no longer available for collection.
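The collection, reminder and deletion timeline described above, together with the recall rule just given, as an added illustration that is not part of the patent: a minimal server-side model in Python. The folder names and the 48-hour, seven-day and thirty-day intervals come from the page; the transaction-number format, the notice wording and the data structures are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Intervals are the page's worked examples (48 h, 7 days, 30 days), kept as parameters.
FIRST_REMINDER = timedelta(hours=48)     # reminder email to receiver, secure notice to sender
SECOND_REMINDER = timedelta(days=7)      # warning that deletion follows the 30-day deadline
DELETE_AFTER = timedelta(days=30)        # uncollected message removed from both trays
REDOWNLOAD_WINDOW = timedelta(hours=48)  # attachment may be fetched again after collection


@dataclass
class Message:
    tx: str                               # transaction number shown to the sender (assumed format)
    sender: str                           # sender's post box number
    recipient: str                        # recipient's post box number
    sent_at: datetime
    collected_at: Optional[datetime] = None
    reminders: int = 0                    # how many of the two reminders have gone out


@dataclass
class PostBox:
    number: str
    in_tray: dict = field(default_factory=dict)     # tx -> Message awaiting collection
    out_tray: dict = field(default_factory=dict)    # tx -> Message; shows collected or not
    history_in: dict = field(default_factory=dict)  # tx -> audit record
    history_out: dict = field(default_factory=dict)
    notices: list = field(default_factory=list)     # (channel, text); "email" or "secure"


class Server:
    """Holds every post box; a message never leaves the server until downloaded."""
    def __init__(self):
        self.boxes, self._seq = {}, 0

    def box(self, number):
        return self.boxes.setdefault(number, PostBox(number))

    def _notify(self, m, text):
        # The receiver is told by ordinary email, the sender by secure message.
        self.box(m.recipient).notices.append(("email", f"{m.tx}: {text}"))
        self.box(m.sender).notices.append(("secure", f"{m.tx}: {text}"))

    def send(self, sender, recipient, now):
        self._seq += 1
        m = Message(f"TX{self._seq:06d}", sender, recipient, now)
        # Registers simultaneously in the out tray, history out and the recipient's in tray.
        self.box(sender).out_tray[m.tx] = m
        self.box(sender).history_out[m.tx] = {"sent": now, "collected": None, "status": "uncollected"}
        self.box(recipient).in_tray[m.tx] = m
        self.box(recipient).notices.append(("email", f"{m.tx}: awaiting collection"))
        return m.tx

    def collect(self, recipient, tx, now):
        m = self.box(recipient).in_tray.pop(tx)
        m.collected_at = now
        self.box(recipient).history_in[tx] = {"sent": m.sent_at, "collected": now, "status": "collected"}
        self.box(m.sender).history_out[tx].update(collected=now, status="collected")

    def can_redownload(self, recipient, tx, now):
        rec = self.box(recipient).history_in.get(tx)
        return rec is not None and now - rec["collected"] <= REDOWNLOAD_WINDOW

    def recall(self, sender, tx):
        m = self.box(sender).out_tray.get(tx)
        if m is None or m.collected_at is not None:
            return False                      # recall is only possible while uncollected
        del self.box(sender).out_tray[tx], self.box(m.recipient).in_tray[tx]
        self.box(sender).history_out[tx]["status"] = "recalled"   # audit record stays
        self.box(m.recipient).notices.append(("email", f"{tx}: recalled by sender"))
        return True

    def tick(self, now):
        """Periodic sweep; returns (tx, action) for every message acted on."""
        actions = []
        for box in list(self.boxes.values()):
            for m in [x for x in box.out_tray.values() if x.collected_at is None]:
                age = now - m.sent_at
                if age >= DELETE_AFTER:
                    del box.out_tray[m.tx], self.box(m.recipient).in_tray[m.tx]
                    self._notify(m, "deleted from the server, never collected")
                    actions.append((m.tx, "deleted"))
                elif age >= SECOND_REMINDER and m.reminders < 2:
                    m.reminders = 2
                    self._notify(m, "still uncollected; deleted 30 days after sending")
                    actions.append((m.tx, "reminder-7d"))
                elif age >= FIRST_REMINDER and m.reminders < 1:
                    m.reminders = 1
                    self._notify(m, "still uncollected")
                    actions.append((m.tx, "reminder-48h"))
        return actions
```

Each reminder fires once, and a message that is collected or recalled drops out of the sweep.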
A user may elect to be sent a regular email from the secure server to notify them that a secure message is awaiting collection. The recipient can then either select a suitable link (URL) provided in their email, which will take them directly to their login page via their internet browser, or click on a previously provided icon on their desktop, or access the web-site associated with the secure server via their browser by keying the website address.
After successfully logging in to the remote server, the receiver is directed to their "in tray" where a list of secure messages which have been received is displayed.
From the list, the recipient is able to select the message they wish to collect by selecting the "collect" option alongside the message log. Selecting this option causes a document window to be displayed which displays the addressee(s) of the secure message, the file or files attached, the subject text, reference text, and message text. Moving the cursor over any attached file causes it to be highlighted and clicking on any attached file when highlighted starts the download process. Standard PC browsing protocols locate a folder for filing any files thus downloaded. Having located the folder, the user can download the file by selecting "save".
Any text included in the message can be saved in the same way by selecting the "save message" button alongside the message field.
In the event that the recipient has received any unwanted messages, they can, at this point, exclude the sender from sending them any further messages. This may be done by selecting an exclude option associated with a particular sender in the document display window.
Embodiments of the present invention provide a full audit trail of all secure messages sent and received. Each user's "history in" folder contains a log of all secure messages received in a previous defined period (e.g. 12 months). The log includes the secure message transaction number, the sender's name and post box number, subject, the reference, the name and size of any attachments, time and date sent, the time and date collected, or if the message is uncollected or has been recalled. Similarly, each user's "history out" folder contains a log of all secure messages sent in the previous defined period (e.g. 12 months) including the same details referred to above.
Any user may prevent any other user from sending them further secure messages by adding the details of that other user to an exclusion list maintained by the remote server. This may be done by selecting the exclude option referred to previously. Having selected a particular user to be excluded, the user must then provide at least one reason from a defined list to justify the exclusion. The list may be defined in the terms of use which are agreed upon when registering with the system. Typical reasons for requesting exclusion may include: fraudulent/unlawful, unknown origin, obscene, breach of copyright, breach of confidentiality, unsolicited, offensive or a virus. The user will not be able to exclude another user without selecting at least one of these reasons.
Once excluded, a user is removed from the excluding user's contacts book and prevented from adding the excluding user to their own contacts book again until such time as the excluding user lifts the exclusion.
If the reason for the exclusion is no longer valid, or if the user simply changes their mind, a user may be reinstated by removing that user from the exclusion list.
Unlike prior art spam filtering systems, where an offending message leaves the sender's system and is only intercepted upon arrival at the recipient's system, embodiments of the present invention do not even allow a junk message to be created, as the prospective sender must be authorised to send a message to the intended recipient.
In this way, junk messages cannot even be created in the first place, thus reducing the amount of bandwidth, storage and processing power which would otherwise be required to deal with unwanted messages.
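The contacts-book and exclusion-list rules above, as an added Python illustration that is not the patent's own code: adding a contact either reuses an existing post box or pre-creates one for an unknown address, an exclusion needs a reason from the page's list and removes the two users from each other's books, and the authorisation check runs before a message is created. The post box numbering, the stored-name handling and the method names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# The page's list of permitted exclusion reasons; at least one must be chosen.
EXCLUSION_REASONS = {"fraudulent/unlawful", "unknown origin", "obscene", "breach of copyright",
                     "breach of confidentiality", "unsolicited", "offensive", "virus"}


@dataclass
class PostBox:
    number: str
    emails: set                                   # primary address plus any added later
    name: Optional[str]                           # used to validate a pending registration
    registered: bool                              # False until the owner has registered
    contacts: dict = field(default_factory=dict)  # post box number -> name or alias shown
    excluded: set = field(default_factory=set)    # post box numbers barred from sending


class Directory:
    def __init__(self):
        self.boxes, self._n = {}, 0

    def _new_box(self, email, name, registered):
        self._n += 1                              # assumed numbering, not the page's scheme
        box = PostBox(f"BOX{self._n:05d}", {email.lower()}, name, registered)
        self.boxes[box.number] = box
        return box

    def register(self, email, name):
        return self._new_box(email, name, registered=True)

    def find_by_email(self, email):
        email = email.lower()
        return next((b for b in self.boxes.values() if email in b.emails), None)

    def add_contact(self, owner, email, first=None, last=None):
        """Returns (post box number, created); created means a box was pre-created
        for an address not yet known to the server."""
        target, created = self.find_by_email(email), False
        if target is None:
            if not (first and last):
                raise ValueError("first and last name are needed for an unknown address")
            target = self._new_box(email, f"{first} {last}", registered=False)
            created = True                        # the registration email would go out here
        if owner in target.excluded:
            raise PermissionError("that user has excluded you")   # cannot re-add an excluder
        self.boxes[owner].contacts[target.number] = target.name
        return target.number, created

    def set_alias(self, owner, number, alias):
        if number in self.boxes[owner].contacts:   # display only; identity is unchanged
            self.boxes[owner].contacts[number] = alias

    def may_send(self, sender, recipient):
        """Checked before a message is even created: the recipient must be in the
        sender's contacts and the sender must not be on the recipient's exclusion list."""
        return (recipient in self.boxes[sender].contacts
                and sender not in self.boxes[recipient].excluded)

    def exclude(self, owner, other, reasons):
        chosen = set(reasons) & EXCLUSION_REASONS
        if not chosen:
            raise ValueError("at least one reason from the defined list is required")
        self.boxes[owner].excluded.add(other)
        self.boxes[owner].contacts.pop(other, None)   # dropped from the excluder's book
        self.boxes[other].contacts.pop(owner, None)   # and from the excluded user's book
        return chosen

    def reinstate(self, owner, other):
        self.boxes[owner].excluded.discard(other)
```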
Any user may log in to their post box whilst travelling, and is therefore accessing the system from a different computer to usual. When an attempt to login is made and no digital certificates are detected by the secure system, the user is taken to a special remote login screen. By providing their first and last names, and their email address, the system will then require the accurate answers to a number of the security questions, set up previously, together with correct presentation of the user's password, before allowing access. At this point, the user will be given the opportunity to download secondary digital certificates to the machine being used, but will be encouraged to do so only if the machine is to be used frequently, rather than on a one-off basis.
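The two login paths the page describes (certificate match followed by password on a registered computer, with only one computer admitted to a post box at a time and blocked attempts logged; names, email address, security questions and password when no certificates are present), as an added Python illustration that is not the patent's own code. Certificate fingerprints are random tokens standing in for real certificates, and the password and question answers are stored as salted PBKDF2 digests, an assumption made here, so the page's step of displaying a forgotten password is not modelled.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Optional


def _digest(secret, salt):
    # Assumed storage scheme: salted PBKDF2, so the server never keeps the plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


@dataclass
class PostBox:
    number: str
    email: str
    first: str
    last: str
    salt: bytes
    pw_hash: bytes
    questions: dict                                 # question -> digest of normalised answer
    certs: set = field(default_factory=set)         # fingerprints issued to this box
    session: Optional[str] = None                   # computer currently logged in, if any
    attempts: list = field(default_factory=list)    # audit log: (event, computer)


class AccessControl:
    def __init__(self):
        self.boxes = {}
        self.cert_index = {}        # fingerprint -> post box number; never shown to the user

    def create(self, number, email, first, last, password, answers):
        salt = os.urandom(16)
        qs = {q: _digest(a.strip().lower(), salt) for q, a in answers.items()}
        self.boxes[number] = PostBox(number, email, first, last, salt, _digest(password, salt), qs)
        return self.boxes[number]

    def issue_certificate(self, number):
        """Also used for secondary certificates on a second, regularly used computer."""
        fp = secrets.token_hex(16)  # stands in for the fingerprint of a real certificate
        self.boxes[number].certs.add(fp)
        self.cert_index[fp] = number
        return fp

    def _password_ok(self, box, password):
        return hmac.compare_digest(_digest(password, box.salt), box.pw_hash)

    def _answers_ok(self, box, answers, required=2):
        good = sum(1 for q, a in answers.items() if q in box.questions and
                   hmac.compare_digest(_digest(a.strip().lower(), box.salt), box.questions[q]))
        return good >= required

    def _open_session(self, box, computer):
        # Only one computer at a time; later attempts are blocked and logged.
        if box.session not in (None, computer):
            box.attempts.append(("blocked, post box already in use", computer))
            return "blocked", None
        box.session = computer
        return "granted", box.number

    def login_with_certificates(self, computer, presented, password):
        """Normal path: certificates on the computer select the post box, the password proves the owner."""
        matched = {self.cert_index[fp] for fp in presented if fp in self.cert_index}
        if len(matched) != 1:
            return "no-certificates", None          # client should fall back to remote_login
        box = self.boxes[matched.pop()]
        if not self._password_ok(box, password):
            box.attempts.append(("wrong password", computer))
            return "denied", None
        return self._open_session(box, computer)

    def remote_login(self, computer, first, last, email, answers, password):
        """Travelling path with no certificates: names and email locate the box, then
        security questions and password are both required."""
        key = (first.lower(), last.lower(), email.lower())
        box = next((b for b in self.boxes.values()
                    if (b.first.lower(), b.last.lower(), b.email.lower()) == key), None)
        if box is None or not self._answers_ok(box, answers) or not self._password_ok(box, password):
            return "denied", None
        return self._open_session(box, computer)

    def logout(self, number, computer):
        if self.boxes[number].session == computer:
            self.boxes[number].session = None
```

The certificate-to-post-box mapping lives only in `cert_index` on the server side, matching the page's point that the match is made without revealing it to the user.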
Embodiments of the present invention therefore allow for more secure and reliable transmission of messages between users and bypass many of the problems commonly associated with insecure message protocols typified by prior art email systems.
Attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive.
Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
The invention is not restricted to the details of the foregoing embodiment(s). The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.

Claims (11)

1. A method of transmitting a message from a first person to a second person, comprising the steps of: creating a secure data connection between a first computer, associated with the first user, and a central server; encrypting the message using a first digital certificate stored on said first computer and transmitting said encrypted message to the central server for storage in a data area associated with said second user, whereby the second user is able to access the central server via a secure data connection from a second computer, to download the message from said data area.
2. A method as claimed in claim 1 wherein the secure data connection from the first computer to the central server and from the central server to the second computer ensures that the message is encrypted at all times when in transit between said first and second computers and the central server.
3. A method as claimed in claim 1 or 2 wherein a second digital certificate stored on said first computer is associated with a post box allocated to the first user.
4. A method as claimed in any preceding claim wherein access to a particular user's post box is only possible upon presentation of the correct second digital certificate and a pre-configured password.
5. A method as claimed in any preceding claim wherein the setting up of the secure data connection between a user's computer and the central server uses information included in the first digital certificate stored on the user's computer.
6. A method as claimed in any preceding claim wherein before a user is able to send or receive a first message, he must verify his identity by registering with the server via an email sent to his unique email address.
7. A method as claimed in claim 6 wherein the step of verifying identity includes a prospective user receiving an email from the central server at an email address previously provided, the prospective user following a hyperlink included in said email, thus verifying that the prospective user owns the email address claimed, said hyperlink leading to a data input form whereby the prospective user is able to enter certain personal information including selecting an individual password, and said central server then transmitting one or more digital certificates to said prospective user's computer for facilitating future access to the central server to send or receive messages.
8. A method as claimed in any preceding claim wherein a message sent by a first user to a second user may be recalled by said first user at any time prior to the second user collecting said message.
9. A method as claimed in any preceding claim wherein each message transmitted or received is logged and a record of all such transmissions and/or receptions is maintained in an associated user's data area.
10. A method as claimed in any preceding claim wherein a user may prevent any other user from sending them further messages by adding the details of said other user to an exclusion list maintained by the server.
11. A method of authenticating a prospective user of a computer-based service, comprising the steps of sending an email to an email address provided by said prospective user, said email including a hyperlink which leads said prospective user to a data input form whereby the prospective user is able to enter certain personal information, including selecting an individual password, and said computer-based service then transmitting one or more digital certificates to said prospective user's computer for facilitating future access to said computer-based service.
GB0424496A 2004-11-05 2004-11-05 Secure email communication using a central server Withdrawn GB2420061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0424496A GB2420061A (en) 2004-11-05 2004-11-05 Secure email communication using a central server

Publications (2)

Publication Number Publication Date
GB0424496D0 GB0424496D0 (en) 2004-12-08
GB2420061A true GB2420061A (en) 2006-05-10

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)