WO2001075559A2 - Agent-based secure handling of e-mail header information - Google Patents

Agent-based secure handling of e-mail header information Download PDF

Info

Publication number
WO2001075559A2
WO2001075559A2 PCT/SE2001/000623 SE0100623W WO0175559A2 WO 2001075559 A2 WO2001075559 A2 WO 2001075559A2 SE 0100623 W SE0100623 W SE 0100623W WO 0175559 A2 WO0175559 A2 WO 0175559A2
Authority
WO
WIPO (PCT)
Prior art keywords
mail
header
original
secure
information
Prior art date
Application number
PCT/SE2001/000623
Other languages
French (fr)
Other versions
WO2001075559A3 (en
Inventor
Adam Aquilon
Stefan Willehadson
Luis Barriga
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US19385000P priority Critical
Priority to US60/193,850 priority
Priority to US67175800A priority
Priority to US09/671,758 priority
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Publication of WO2001075559A2 publication Critical patent/WO2001075559A2/en
Publication of WO2001075559A3 publication Critical patent/WO2001075559A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages

Abstract

A result e-mail (e1) is produced from a received secure e-mail (e) by decrypting (21) the body portion (18) of the received e-mail (e), and providing unencrypted header information (Hu'(16)) from the body portion (18) of the received e-mail (e) in the header portion (Hu(16)) of the received e-mail (e), thereby producing a header portion (Hu(16)) of the result e-mail (e1). The body portion (18) of the received e-mail (e) can then be encrypted (25), thereby producing a body portion (18) of the result e-mail (e1). The result e-mail (e1) can then be used by an e-mail client (5) for summarizing (17A), searching (17D), threading (17B), sorting (17C), etc. Also, encrypted header information (HE(16A)) can be provided in the header portion (16) of a secure e-mail (e), and the header portion (16) can be transmitted, without its corresponding body portion (18), over an air interface to a destination. The encrypted header information can be decrypted (17E) at the destination, and used to decide whether the body portion (18) should be transmitted. In any event, the decrypted header information (Hu(16)) can be used for the aforementioned e-mail client operations.

Description

AGENT-BASED SECURE HANDLING OF E-MAIL HEADER INFORMATION

BACKGROUND OF THE INVENTION Technical Field of the Invention

The invention generally relates to e-mail communications and, more particularly, to methods for improved security in the transmission of e-mail communications, and devices therefor.

Description of Related Art and Background E-mail is now one of the most widely used forms of asynchronous communication. Given the number of mobile terminals and smart phones currently available, solutions that make e-mail available at the mobile terminals have become much more in demand. Naturally, people want this kind of availability to be both secure (e.g., secure against eavesdropping or traffic analysis based on header information) and convenient for archival, retrieval, sorting and searching.

There are several solutions for secure access to corporate e-mail on the Internet. Pretty Good Privacy (PGP) and S/MIME are the most popular ones, but they only allow secure e-mail for point-to-point communication when all parties have a certificate or public key pair. For domain-to-point mail, e.g., mail from a company (corporate domain) to a receiver in a public domain, gateway-based solutions have been proposed, as exemplified by Applicants' Assignee's co-pending U.S. Patent Application Serial No. 09/198,822, entitled "Method and System for Security Data Objects", filed on February 24, 1998, in which plaintext e-mail from within a domain is automatically secured by a gateway before leaving a domain. An IETF proposed protocol describes a secure e-mail method for domain-to-domain security, also based on gateways.

In domain-to-point or domain-to-domain secure e-mail, gateways perform partial or full e-mail protection. With partial protection, gateways protect or secure (e.g., by encryption) part of an e-mail message, usually the body, but leave the headers in plaintext. With full protection, the whole e-mail, i.e., body plus headers, is protected (e.g., encrypted), and minimal header information needed for delivery of the message (commonly the receiver's address) is also left unprotected. The reason behind this is that headers can reveal potential confidential information. The entire header is provided along with the body in the protected body portion of a full- protection e-mail, and the receiver's address is also provided, unprotected, in the header portion of a full-protection e-mail.

On the client side, when using full-protection e-mail, it is difficult for standard e-mail clients to show the headers, such as the "Subject:", in the message summary.

Furthermore, the e-mail client cannot perform more advanced tasks such as threading, sorting or searching, because the necessary headers for this are within the protected body portion of the full-protection e-mail. As a result, users do not get a convenient overview of the messages.

Several methods exist to solve these problems: special protocols, changes to existing e-mail clients and entirely custom e-mail clients can present the message in a convenient way to the user. Unfortunately, these methods are typically cumbersome for the average user to handle. In addition to handling passwords, hardware or software key-generators, certificates, etc., users typically must also learn to use special e-mail clients or modify to a great extent their behavior when using normal e-mail clients. It is, therefore, desirable to provide services such as e-mail message summaries and more advanced tasks, such as mentioned above, while maintaining desired e-mail security, and without complicating the user interface.

SUMMARY OF THE INVENTION The invention produces a result e-mail from a received secure e-mail that was in turn produced from an original e-mail. Information contained in a body portion of the received secure e-mail is decrypted, and a portion of the decrypted information from the body portion is provided in a header portion of the received e-mail, thereby producing a header portion of the result e-mail. In another embodiment of the present invention, the decrypted information includes non-header, body portion information, which is re-encrypted or reconstructed, thereby producing a body portion of the result e-mail. The result e-mail in either embodiment can then be provided for use by an e- mail client, which can advantageously use the decrypted information in the header portion to perform standard tasks, such as summarizing, threading, sorting or searching, while the information in the body portion of the result e-mail is advantageously still encrypted.

Also according to the invention, encrypted header information can be provided in the header portion of a secure e-mail, and this header portion can be transmitted, without its corresponding body portion, to a destination via an air interface. At the destination, the encrypted header information can be decrypted, and advantageously used to determine whether or not the body portion should be transmitted to the destination over the air interface pursuant to a variety of parameters. In any event, the decrypted header information can be advantageously used by an e-mail client at the destination to perform standard procedures such as summarizing, threading, sorting and searching.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention, reference is now made to the following detailed description taken in conjunction with the accompanying Drawings where: FIGURE 1 diagrammatically illustrates an exemplary e-mail communication system utilized in connection with the implementation of the subject matter of the present invention;

FIGURE 2 diagrammatically illustrates a first exemplary embodiment of an agent, as described in connection with FIGURE 1 ; FIGURE 3 diagrammatically illustrates exemplary operations performed by the agent of FIGURE 2;

FIGURE 4 diagrammatically illustrated a currently preferred exemplary embodiment of an agent, as described in connection with FIGURE 1 ;

FIGURE 5 diagrammatically illustrates exemplary operations performed by the agent of FIGURE 4; FIGURE 6 diagrammatically illustrates another exemplary e-mail communication system according to the invention;

FIGURE 7 diagrammatically illustrates an exemplary embodiment of a mobile terminal used in connection with the system shown in FIGURE 6; and FIGURE 8 diagrammatically illustrates exemplary operations which can be performed by the system of FIGURE 6.

DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EXEMPLARY EMBODIMENTS The numerous innovative teachings of the present application will be described with particular reference to the presently preferred exemplary embodiments. However, it should be understood that this class of embodiments provides only a few examples of the many advantageous uses of the innovative teachings herein. In general, statements made in the specification of the present application do not necessarily delimit any of the various claimed inventions. Moreover, some statements may apply to some inventive features but not to others.

With reference now to FIGURE 1 of the Drawings, there is diagrammatically illustrated pertinent portions of an exemplary e-mail communication system for domain-to-point mail, that is, mail sent from one domain, for example, a corporate or company domain, to a receiver's communication station, for example, a desktop computer, a laptop or other mobile computer, or a mobile telephone, in a public domain. In FIGURE 1, an original e-mail 10 includes a header portion (Uυ) 7 and a body portion (Bυ) 9. The header portion 7 includes the unencrypted header H-j of the e-mail 10, and the body portion 9 includes the unencrypted body Bυ (i.e., all information other than the information in the header Hυ).

The original e-mail 10 is input to an encryptor 11 provided, for example, in a security mail gateway which handles security for a corporate domain. In response to the original e-mail 10, the encryptor 11 outputs a protected e-mail, generally designated by the reference identifier e, including a header portion 16 and a body portion 18. The body portion 18 includes an encrypted version HE of the unencrypted header H,j of the original e-mail 10, and an encrypted version BE of the unencrypted body B-j of the original e-mail 10. The header portion 16 of e-mail e includes unencrypted header information H'-j which typically includes a portion of the unencrypted header Hυ of the original e-mail 10, for example the receiver's address, or both the receiver's address and the sender's address. However, the unencrypted header information H'-j in the header portion 16 advantageously does not include information that describes the substantive content of the original e-mail message (e.g., the "Subject:"), and also advantageously does not include information which would permit unwanted traffic or network analysis of e-mail communications. This type of information is provided only in the encrypted header HE in the body portion 18 of e- mail e.

The e-mail e can be transmitted from the corporate domain through an e-mail communication path, generally designated by the reference numeral 13, to a conventional mail server 12, which can in turn forward the e-mail e to the receiver in the public domain via an e-mail communication path 15. The e-mail communication path 15 can include, for example, a data network, a radio air interface, or both. Thus, through the communication channel represented at 13, 12 and 15, the e-mail e is provided to the receiver's e-mail communication station, generally designated in FIGURE 1 by the reference numeral 5.

An agent 14 in the receiver's e-mail communication station 10 receives as input the e-mail e, and produces in response thereto a modified e-mail, generally designated by the reference identifier e'. The body portion 18 of the modified e-mail e' is, in this example, identical to the body portion 18 of the e-mail e, including the encrypted version HE of the original header H-j and the encrypted version BE of the original body Bυ. However, the e-mail e' differs from the e-mail e in that the header portion 16 of the e-mail e' includes the unencrypted (e.g., plaintext) header Hυ of the original e-mail 10.

The e-mail e' is provided as input to an e-mail client, which can use the unencrypted header Hυ along with standard conventional e-mail processing techniques to further process the e-mail e'. Examples of conventional components that perform these standard techniques are illustrated in FIGURE 1. For example, a summarizer

17A can use conventional techniques with respect to the unencrypted header H-_- to provide a message summary to the user. Similarly, a threader 17B, a sorter 17C and a searcher 17D can, respectively, perform conventional threading, sorting and searching operations with respect to the e-mail e'. Also, a decryptor 17E of the e-mail client can perform a conventional decryption operation on the encrypted body BE in the body portion 18 of e-mail e', so that the user can read the information in the original unencrypted body Bυ.

It can, therefore, be seen that the agent 14 of FIGURE 1 permits the e-mail client to perform conventional operations, such as summarizing, threading, sorting, searching, etc., by use of the unencrypted header H-j, while the information from the body of the original e-mail 10 is retained in encrypted form as BE in the body portion

18 of the e-mail e'.

With reference now to FIGURE 2, there is diagrammatically illustrated a first exemplary embodiment of the various actions performed by the agent 14 of FIGURE 1. In the embodiment shown in FIGURE 2, the e-mail e, as received at the agent 14 in FIGURE 1, is input to a decryptor 21, which can use conventional decryption techniques to decrypt the encrypted header HE and the encrypted body BE in the body portion 18 of e-mail e. Thus, decryptor 21 outputs a transitional e-mail el whose header portion 16 is identical to that of the input e-mail e, i.e., an abbreviated form of the original header portion 7, but whose body portion includes the unencrypted header H-j and the unencrypted body Bυ of the original e-mail 10, as illustrated and described in connection with FIGURE 1.

With reference again to FIGURE 2, the transitional e-mail el is input to an information handler 23, which manipulates information in the transitional e-mail el to produce a further transitional e-mail e2. As shown in FIGURE 2, the header portion 16 of the transitional e-mail e2 produced by the information handler 23 includes the unencrypted header Hυ of the original e-mail 10. The body portion 18 of the transitional e-mail e2, however, is identical to the body portion 18 of the transitional e-mail el. In the embodiment of FIGURE 2, the information handler 23 copies the unencrypted (e.g., plaintext) header Hu from the body portion 18 of the transitional e- mail el into the header portion 16 thereof to produce the transitional e-mail e2 with the full header portion Hy. The unencrypted header information Wυ can therefore be discarded by the information handler 23 in this embodiment, because all of the information in H'-j is included in the unencrypted header Hυ.

Finally, the transitional e-mail e2 output from the information handler 23 is input to an encryptor 25, which can use conventional techniques to encrypt the header H-j and the body Bυ provided in the body portion 18 of the transitional e-mail e2, thereby producing the e-mail e', as described above with respect to FIGURE 1.

FIGURE 3 illustrates exemplary operations performed by the agent of FIGURE 2. For example, at step 31, the body portion of the received e-mail e is decrypted to produce the transitional e-mail el. Thereafter at step 33, the decrypted header information from the body portion of transitional e-mail el is copied to the header portion of transitional e-mail e2, as described above in connection with FIGURE 2. Thereafter at step 35, the information in the body portion of the transitional e-mail e2 is encrypted to produce the desired e-mail e'. At step 37, the aforementioned conventional e-mail client operations can be performed on e-mail e' based on the unencrypted header Hy.

With reference now to FIGURE 4 of the Drawings, there is diagrammatically illustrated a currently preferred embodiment of the present invention, which avoids many computations by a client having limited resources, e.g., the re-encrypting of the message by the encryptor 25 to create transitional e-mail e2 (step 35), as illustrated and described in connection with FIGURES 2 and 3.

In the presently preferred embodiment shown in FIGURE 4, the e-mail e, as received at the agent 14 in FIGURE 1, is input to a decryptor 41, which starts decrypting the body part of e-mail e, as described in connection with FIGURE 2. However, in this preferred embodiment, when the decryptor 41 discovers information indicative of a separation between the respective header Uυ and body Bυ portions, e.g., by detection of a header terminator flag 42 or other demarcation indicator marking the separator between the encrypted header and body portions within the body portion of e-mail e, the decryptor 41 stops after decrypting the header portion without undertaking the computationally heavy decryption of the more voluminous body portion Bυ of the original message 10. In other words, after decryptor 41 detects the flag or indicator 42, the decryptor 41 has completed decryption of the entire header portion, leaving the contents of the body portion untouched.

As shown in FIGURE 4, the decrypted header Hυ is preferably temporarily stored at a memory 43. An information handler 45 replaces the header part 16 of the e-mail e with the extracted full header Hυ stored in memory 43 to form e-mail e'.

Since only the pertinent header H-j information has been decrypted for client usage, no re-encryption, e.g., by the encryptor 25 of FIGURE 2, is necessary, thereby avoiding step 35 of FIGURE 3.

With reference now to FIGURE 5, exemplary operations performed by the agent of FIGURE 4 are illustrated. For example, at step 51 , only the encrypted header portion HE of received e-mail e is decrypted and the decrypted header Kυ temporarily stored. As the decryption of the header portion transpires, a check is periodically made (step 53) whether the header decryption is complete, e.g., whether the aforementioned header terminator flag 42 (or other indicator) has been detected. If not, then decryption continues at step 51. Otherwise, the decrypted header portion Hυ is temporarily stored within memory 43 (step 55). The information handler 45, at step 55, copies the still encrypted body portion 18 of e-mail e to e-mail e' (step 57), and at step 58, copies the stored header υ from intermediate memory 43 to the header portion 16 of e-mail e'. Finally, at step 59, the aforementioned conventional e-mail client operations can be performed based on the unencrypted header Hυ.

In domain-to-point e-mail communications where the receiver's communication station, e.g., the communication station 5 in FIGURE 1, is a mobile terminal, such as a mobile telephone, a user of the mobile terminal may prefer to postpone reading of very large e-mail messages until another communication station is available, for example, a desktop computer. However, the user of a mobile terminal cannot determine the size of an e-mail message until it has been completely transferred to the mobile terminal over the associated air interface. Similarly, other considerations may warrant non-transference of the body portion of the e-mail for a variety of other reasons, e.g., priority, privacy, etc. In other words, the information stored in H'-j alone may not suffice to make this determination since the unencrypted header H',j contains minimal information. The problem then is to transfer the full H-j without the whole body part, thereby giving the receiver full header information and an enhanced ability to handle the e-mail. The exemplary e-mail communication system shown in FIGURE 6 provides a preferred solution to this problem.

In the exemplary system of FIGURE 6, the security mail gateway of a corporate domain includes, in addition to the encryptor 11 of FIGURE 1 , an information handler

61. The encryptor 11 outputs separately the encrypted header HE and an encrypted entity resulting from the combined encryption of H-j and Bυ, i.e., the two parts cannot be separately identified in the encrypted entity. A dashed line 11 A separating the two parts HE and BE in body portion 18 indicates that the encrypted header and body portions are not normally separately distinguishable. If, in an alternate embodiment of the present invention, the encrypted header and body portions could be distinguished, a demarcation flag may be employed to mark the boundary.

The output from the encryptor 11 and the header Hυ from the original unsecure e-mail 10 are then input to the aforementioned information handler 61, which as illustrated in FIGURE 6, processes the input to produce e-mail e3. As shown in the figure, the header portion of e-mail e3 includes a header portion H'-j, typically a portion of the original header Hυ, and the encrypted header HE. The body portion 18 of e-mail e3 is identical to the body portion 18 of the protected e-mail e3, including both the encrypted header HE and the encrypted body BE. A full line 16A separating the H'y and HE in 16 indicates that the two parts can be separately identified, whereas a dashed line 18 A, as with line 11A, indicates an indistinguishable divide.

The information handler 61 in this embodiment of the present invention utilizes a permitted feature of Internet Standard RFC822, according to which standard the protected e-mail can, in some instances, be produced. In particular, the RFC822 standard permits the header portion 16 to contain additional extended header fields of arbitrary length. Accordingly, in some embodiments, the information handler 61 copies the encrypted header HE, separately input to the information handler, into an extended field of the header portion 16 of e-mail e3. Alternatively, the separately output HE from the encryptor 11, identical to HE in the header portion 16, should at least be indicative of the contents of the message instead of the entire encrypted header

HE. E-mail e3 is, thereafter, loaded into, for example, a conventional mail server 67, which separates the header portion 16 from the body portion 18 thereof, e.g., using flags or other indicators such as flag 42 discussed in more detail hereinabove in connection with FIGURE 4. Upon request, the header portion 16 is further transmitted, through a mobile (e.g., cellular) network 68, to a receiving client at a mobile terminal 69. The receiving client decides, by analyzing the decryption of header HE at least indicative of the contents of the message, if the full body portion 18 should be requested from the mail server 67.

FIGURE 7 diagrammatically illustrates pertinent portions of an exemplary embodiment of the mobile terminal 69 illustrated and described in connection with FIGURE 6. A decryptor 72 in the mobile terminal 69 receives the separated header portion (containing the unencrypted and encrypted versions of the header portions as shown in FIGURE 6) from the air interface, and uses conventional techniques to decrypt the encrypted header portion HE thereof, thereby producing the unencrypted header Hυ of the original e-mail message 10, as shown in FIGURE 1. This unencrypted header H-j is then applied to a decision logic 74, which determines, for example, from information in the header Hυ indicative of various parameters concerning the e-mail message how to proceed. The parameters may pertain to any operational aspects of the transmission, e.g., the identity of the sending party, priority, the size of the e-mail message, and whether or not to communicate back through the air interface a request for the security mail gateway to provide from the storage section

65 the separated body portion 18 (see FIGURE 6) or at least the encrypted body BE.

The unencrypted header H-j can also be provided to an e-mail client in the mobile terminal 69, and the e-mail client can use this header to perform the conventional e-mail client operations described above with respect to FIGURE 1. FIGURE 8 illustrates exemplary operations which can be performed by the exemplary system of FIGURE 6. For example, at step 81, the encrypted header information from the body portion of the protected e-mail e is copied to the header portion thereof to produce the transitional e-mail e3. Thereafter, at step 83, the header portion of e-mail e3 is transmitted over the air interface, and, at step 85, the received encrypted header information is decrypted by the mobile terminal to obtain the unencrypted header Hυ. At step 87, it is decided from the header H-j whether to request transmission of the stored body portion of e-mail e3 over the air interface. It should be understood that if it is decided that the body portion is too long to send over the air interface to the mobile terminal, then the user of the mobile terminal can request transmission of the stored body portion later when another communication station, such as a desktop or other computer, is available. At step 89, the aforementioned conventional e-mail client operations can be performed based on the unencrypted header Hυ.

It will be evident to workers in the art that an agent according to the invention can be implemented, for example, by a suitably programmed data processor provided in an e-mail communication station, such as a mobile computer or a mobile telephone, as generally referred by reference numeral 5 in FIGURE 1. As another example, an agent according to the invention can also be implemented by such suitably programmed data processor in combination with other external components. It will also be evident that a security mail gateway according to the invention can be readily implemented, for example, by suitable modifications in software, hardware or both in a conventional security mail gateway.

Although exemplary embodiments of the present invention have been described above in detail, this does not limit the scope of the invention, which can be practiced in a variety of embodiments.

Claims

WHAT IS CLAIMED IS:
1. A method for producing a result e-mail from a received secure e-mail, said secure e-mail being produced from an original e-mail having original header and body portions therein, said method comprising the steps of: decrypting, by an agent receiving said received secure e-mail, a plurality of information contained within a body portion of said received secure e-mail, said plurality of decrypted information comprising said original header portion of said original e-mail; and forwarding, by said agent, said plurality of decrypted information to a header portion of said result e-mail.
2. The method according to claim 1 , wherein said plurality of information decrypted from said body portion of said received secure e-mail comprises said original header portion and said original body portion of said original e-mail, and wherein said step of forwarding forwards only to said header portion of said result e- mail.
3. The method according to claim 2, further comprising the steps of: after said step of decrypting and prior to said step of forwarding, encrypting said plurality of decrypted information; and forwarding, by said agent, said plurality of encrypted information to said body portion of said result e-mail.
4. The method according to claim 1, comprising, after said step of forwarding, the step of: summarizing said header portion of said result e-mail, said summarized header portion corresponding to a summary of said original e-mail.
5. The method according to claim 1 , further comprising, after said step of forwarding, the step of: sorting said result e-mail according to said header portion thereof, said step of sorting corresponding to a sorting of said original e-mail.
6. The method according to claim 1 , further comprising, after said step of forwarding, the step of: threading said result e-mail according to said header portion thereof, said step of threading corresponding to a threading of said original e-mail.
7. The method according to claim 1 , further comprising, after said step of forwarding, the step of: searching said result e-mail according to said header portion thereof, said step of searching corresponding to a searching of said original e-mail.
8. An apparatus for producing a result e-mail from a received secure e- mail, said secure e-mail being produced from an original e-mail, having original header and body portions therein, said apparatus comprising: a decryptor for decrypting a plurality of information contained within a body portion of the received secure e-mail, said plurality of decrypted information comprising said original header portion of said original e-mail; and an information handler, coupled to said decryptor, for forwarding said plurality of decrypted information to a header portion of the result e-mail.
9. The apparatus according to claim 8, further comprising: an encryptor, coupled to said information handler, for encrypting said plurality of decrypted information, the plurality of encrypted information encrypted by said encryptor being forwarded by said information handler to a body portion of said result e-mail.
10. The apparatus according to claim 8, further comprising: a summarizing means for summarizing said header portion of said result e-mail containing said plurality of decrypted information, said summarized header portion corresponding to a summary of said original e-mail.
11. The apparatus according to claim 8, further comprising: a sorting means for sorting said header portion of said result e-mail containing said plurality of decrypted information, said sorted header portion corresponding to a sorting of said original e-mail.
12. The apparatus according to claim 8, further comprising: a threading means for threading said header portion of said result e-mail containing said plurality of decrypted information, said threaded header portion corresponding to a threading of said original e-mail.
13. The apparatus according to claim 8, further comprising: a searching means for searching said header portion of said result e- mail containing said plurality of decrypted information, said searched header portion carrier pending to a searching of said original e-mail.
14. The apparatus according to claim 8, wherein said apparatus is selected from the group consisting of a computer, a mobile computer and a mobile telephone.
15. A method for producing from an original e-mail a secure e-mail adapted for transmission over an air interface, said method comprising the steps of: providing, in a body portion of the secure e-mail, encrypted versions of a header and a body of the original e-mail; providing, in a header portion of the secure e-mail, unencrypted information from the header of the original e-mail; and providing, in the header portion of the secure e-mail, at least a portion of the encrypted version of the header of the original e-mail.
16. The method according to claim 15, wherein the secure e-mail is formed according to Internet Standard RFC822.
17. The method according to claim 15, wherein said last-mentioned providing step includes providing in the header portion of the secure e-mail the encrypted version of the header of the original e-mail.
18. The method according to claim 15, further comprising the step of: transmitting the header portion without the body portion over an air interface to a destination.
19. The method according to claim 18, further comprising the step of: decrypting, at a destination of said secure e-mail, the encrypted header information contained in the header portion, and responsive to the decrypted header information, selectively requesting transmission of the body portion over the air interface to the destination.
20. The method according to claim 19, further comprising the step of: summarizing said header portion containing said unencrypted header information based on the content of the original e-mail without having received the body portion of the secure e-mail at the destination.
21. The method of claim 15, wherein said encrypted header portion of said original e-mail includes information indicative of a length of the original e-mail.
22. The method of claim 15, wherein the unencrypted information in the header portion of the secure e-mail includes an address of a desired receiver of the secure e-mail.
23. An apparatus for producing from an original e-mail a secure e-mail adapted for transmission over an air interface, comprising: an encryptor for receiving the original e-mail and, responsive thereto, providing in a body portion of the secure e-mail encrypted versions of a header and a body of the original e-mail, said encryptor further for providing in a header portion of the secure e-mail unencrypted information from the header of the original e-mail; and an information handler coupled to said encryptor for providing in the header portion of the secure e-mail at least a portion of the encrypted version of the header of the original e-mail.
24. The apparatus according to claim 23, provided in a security mail gateway of a corporate e-mail domain.
25. The apparatus according to claim 23, including a separator for separating the header portion of the secure e-mail from the body portion thereof, and including an output coupled to said separator for outputting the separated header portion to a destination via an air interface.
26. The apparatus according to claim 25, including a storage section coupled to said separator for storing therein the separated body portion, said storage section coupled to said output for permitting later transmission of the separated body portion over the air interface to the destination.
27. An e-mail communication station for receiving e-mail via an air interface, comprising: an input for receiving via the air interface a header portion of a secure e-mail without a corresponding body portion; a decryptor coupled to said input for decrypting encrypted header information in the received header portion of the secure e-mail; and decision logic coupled to said decryptor for receiving therefrom the decrypted header information, said decision logic responsive to the decrypted header information for selectively requesting transmission of the body portion of the secure e-mail to the e-mail communication station via the air interface.
28. A method of receiving a secure e-mail via an air interface, comprising: receiving a header portion of the secure e-mail via the air interface without a corresponding body portion; decrypting encrypted header information in the received header portion of the secure e-mail; and in response to the decrypted header information, selectively requesting, via the air interface, transmission of the body portion via the air interface.
PCT/SE2001/000623 2000-03-30 2001-03-22 Agent-based secure handling of e-mail header information WO2001075559A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US19385000P true 2000-03-30 2000-03-30
US60/193,850 2000-03-30
US67175800A true 2000-09-26 2000-09-26
US09/671,758 2000-09-26

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU4492501A AU4492501A (en) 2000-03-30 2001-03-22 Agent-based secure handling of e-mail header information

Publications (2)

Publication Number Publication Date
WO2001075559A2 true WO2001075559A2 (en) 2001-10-11
WO2001075559A3 WO2001075559A3 (en) 2002-02-28

Family

ID=26889416

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2001/000623 WO2001075559A2 (en) 2000-03-30 2001-03-22 Agent-based secure handling of e-mail header information

Country Status (2)

Country Link
AU (1) AU4492501A (en)
WO (1) WO2001075559A2 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1761870A1 (en) * 2004-04-30 2007-03-14 Research In Motion Limited System and method for searching secure electronic messages
EP2224656A1 (en) 2009-02-27 2010-09-01 Research In Motion Limited Systems and methods for protecting header fields in a message
EP2224655A1 (en) 2009-02-27 2010-09-01 Research In Motion Limited Systems and methods for protecting header fields in a message
US20100223331A1 (en) * 2009-02-27 2010-09-02 Research In Motion Limited Systems and methods for protecting header fields in a message
US20120143960A1 (en) * 2010-12-03 2012-06-07 International Business Machines Corporation Related message detection and indication
US8499045B2 (en) 2009-02-27 2013-07-30 Research In Motion Limited Systems and methods for protecting header fields in a message

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000046951A2 (en) * 1999-02-04 2000-08-10 Cidco, Inc. Apparatus and method for embedding diverse data within a standard e-mail message
WO2001043329A2 (en) * 1999-12-10 2001-06-14 Sun Microsystems, Inc. Enabling simultaneous provision of infrastructure services

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000046951A2 (en) * 1999-02-04 2000-08-10 Cidco, Inc. Apparatus and method for embedding diverse data within a standard e-mail message
WO2001043329A2 (en) * 1999-12-10 2001-06-14 Sun Microsystems, Inc. Enabling simultaneous provision of infrastructure services

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
D CHAUM : "Untraceable electronic mail, return addresses, and digital pseudonyms" UP TO CRYPTOGRAPHY, February 1981 (1981-02), XP002901897 retrieved from the internet http://world.std.com/franl/crypto/chaum-ac m-1981.html[retrieved on 2001-09-12] *
P F SYVERSON ET AL: "Anonymous connections and onion routing" 1997 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, [Online] XP002901898 Retrieved from the internet: http://citeseer.nj.nec.com/13001.html [retrieved on 2001-09-12] *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8667603B2 (en) 2004-04-30 2014-03-04 Blackberry Limited System and method for searching secure electronic messages
EP1761870A4 (en) * 2004-04-30 2007-10-03 Research In Motion Ltd System and method for searching secure electronic messages
EP2112604A3 (en) * 2004-04-30 2009-11-04 Research in Motion Limited System and method for searching secure electronic messages
EP1761870A1 (en) * 2004-04-30 2007-03-14 Research In Motion Limited System and method for searching secure electronic messages
US8326931B2 (en) 2009-02-27 2012-12-04 Research In Motion Limited Systems and methods for protecting header fields in a message
US20100223331A1 (en) * 2009-02-27 2010-09-02 Research In Motion Limited Systems and methods for protecting header fields in a message
EP2224655A1 (en) 2009-02-27 2010-09-01 Research In Motion Limited Systems and methods for protecting header fields in a message
US20120297002A1 (en) * 2009-02-27 2012-11-22 Research In Motion Limited Systems and methods for protecting header fields in a message
EP2224656A1 (en) 2009-02-27 2010-09-01 Research In Motion Limited Systems and methods for protecting header fields in a message
US8463863B2 (en) 2009-02-27 2013-06-11 Research In Motion Limited Systems and methods for protecting header fields in a message
US8499045B2 (en) 2009-02-27 2013-07-30 Research In Motion Limited Systems and methods for protecting header fields in a message
US20130246547A1 (en) * 2009-02-27 2013-09-19 Research In Motion Limited Systems and methods for protecting header fields in a message
US20130282848A1 (en) * 2009-02-27 2013-10-24 Research In Motion Limited Systems and methods for protecting header fields in a message
US9350689B2 (en) 2009-02-27 2016-05-24 Blackberry Limited Systems and methods for protecting header fields in a message
US20120143960A1 (en) * 2010-12-03 2012-06-07 International Business Machines Corporation Related message detection and indication
US9055018B2 (en) * 2010-12-03 2015-06-09 International Business Machines Corporation Related message detection and indication

Also Published As

Publication number Publication date
AU4492501A (en) 2001-10-15
WO2001075559A3 (en) 2002-02-28

Similar Documents

Publication Publication Date Title
Doraswamy et al. IPSec: the new security standard for the Internet, intranets, and virtual private networks
Karn et al. Photuris: Session-key management protocol
US8677138B2 (en) System and method of secure authentication information distribution
US9628269B2 (en) System and method for secure message key caching in a mobile communication device
JP3926792B2 (en) System and method for compressing a secure e-mail for exchanging the mobile data communication device
US8607326B2 (en) Message-handling server and method for handling secure message attachments for a mobile device
CN1197023C (en) Method and system for securely transferring data set in a data communications system
USRE45087E1 (en) Certificate management and transfer system and method
US5966448A (en) Cryptographic communication system
CN1224212C (en) Data securing communication apparatus and method
CA2479601C (en) System and method for transmitting and utilizing attachments
EP1010283B1 (en) E-mail firewall with stored key encryption/decryption
US8468126B2 (en) Publishing data in an information community
US7016499B2 (en) Secure ephemeral decryptability
US6988199B2 (en) Secure and reliable document delivery
US9100370B2 (en) Strong SSL proxy authentication with forced SSL renegotiation against a target server
US7196807B2 (en) Encrypted e-mail message retrieval system
US6061448A (en) Method and system for dynamic server document encryption
US7650500B2 (en) Encryption communication system
EP1417814B1 (en) System and method for processing encoded messages
CN1155198C (en) Encryption and decryption method and apparatus
US7036010B2 (en) Method and apparatus for a secure communications session with a remote system via an access-controlling intermediate system
Ylonen et al. The secure shell (SSH) protocol architecture
US8898482B2 (en) Encryption system using clients and untrusted servers
US20060085503A1 (en) Data communications system using e-mail tunnelling

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP