WO2002023785A2 - Messagerie securisee - Google Patents

Messagerie securisee Download PDF

Info

Publication number
WO2002023785A2
WO2002023785A2 PCT/GB2001/004150 GB0104150W WO0223785A2 WO 2002023785 A2 WO2002023785 A2 WO 2002023785A2 GB 0104150 W GB0104150 W GB 0104150W WO 0223785 A2 WO0223785 A2 WO 0223785A2
Authority
WO
WIPO (PCT)
Prior art keywords
decoder
user
information
secure messaging
mail message
Prior art date
Application number
PCT/GB2001/004150
Other languages
English (en)
Other versions
WO2002023785A3 (fr
Inventor
Michael Henry Wright
Nicholas Hunter Ramage
Original Assignee
Innovation Venture Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Innovation Venture Limited filed Critical Innovation Venture Limited
Priority to AU2001287874A priority Critical patent/AU2001287874A1/en
Publication of WO2002023785A2 publication Critical patent/WO2002023785A2/fr
Publication of WO2002023785A3 publication Critical patent/WO2002023785A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/107Computer-aided management of electronic mailing [e-mailing]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/08Annexed information, e.g. attachments
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/041Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data

Definitions

  • This invention relates to secure messaging over a communications network.
  • cracks are pieces of software that allow one to break the encryption and decipher the information contained therein. It is particularly desirable to send invoices or statements electronically to clients provided that the information contained therein is only available to authorised users.
  • invoice shall have its widest meaning and shall include statements and accounts unless otherwise indicated.
  • processor is to be given its widest meaning and includes any suitable apparatus which executes under stored programme control to achieve a desired result.
  • a method of secure messaging which includes sending a decoder to a user as an attachment to an e-mail message.
  • decoder to be sent in the form of an executable file; for the decoder to be installed on a user's computer when the attachment is opened in the e-mail message; alternately for the decoder to be installed on a user's computer when the e-mail message is opened.
  • decoder to operatively decrypt, encoded information using a key known to the user and to the sender of the information; for the key to be a SHA-1 or MD5 hash of at least two character strings; and for the at least two character strings to include a username and password.
  • encoded information to be sent to a user as an attachment to an e-mail message; for the e-mail message to which the encoded information is attached to also have a decoder attached thereto; for the attachment to invoke the decoder when opened; and for the encoded information to be compressed before being attached to an e-mail message.
  • a further feature of the invention provides for the information to be encoded using CBC encoded Blowfish or triple DES ciphers.
  • the invention also provides a method of securely transmitting an invoice which includes encoding the information forming the invoice and transmitting the encoded information to a user as an attachment to an e-mail message and transmitting a decoder for the encoded information to a user as an attachment to an e-mail message.
  • encoded information and decoder to be attached to the same e-mail message; for the decoder to install itself on the user's computer when the e-mail message is opened; alternately for the decoder to install itself on the user's computer when the attachment is opened in the e-mail message.
  • the installed decoder to decrypt the encoded information attached to the e-mail message; for the installed decoder to decrypt the encoded information attached to the e-mail message when the attachment is opened; for the decoder to require a key from the user to decrypt the encoded information; and for the key to be known to the user and to the sender of the invoice.
  • a further feature of the invention provides for the information forming the invoice to be compressed prior to being encoded.
  • the invention further provides for a system for secure messaging comprising a first store of information and at least one processor configured to encode the information and to attach the encoded information to at least one e-mail message to be sent to at least one user and to attach a decoder to an e-mail message to be sent to the or each user.
  • processors to attach encoded information and a decoder to a single e-mail message to the or each user; for the system to include a mail server for sending the or each e-mail message; for the or each decoder to be an executable file; and for the or each decoder to install itself on a user's computer.
  • Still fiirther features of the invention provide for the or each decoder to install itself on a user's computer when the attachment is opened in the e-mail message; alternately for the or each decoder to install itself on a user's computer when the e-mail message is opened.
  • each decoder to operatively decode the information attached to an e-mail message using a key known to the user and to the sender of the information; for each key to be a SHA-1 or MD5 hash of character strings; and for the character strings to include a username and password.
  • the at least one processor to compress the information prior to encoding it; for the first store of information to include a plurality of sets of information; for each set of information to correspond to a user; and for each set of information to be encoded and attached to an e-mail message.
  • Still further features of the invention provide for there to be provided a second store of information containing user address details and for a processor to be configured to correlate user details contained in the first information store with those in the second information store and to format e-mail messages using the information in the second store.
  • the second store of information to further include a username and password for each user; for the processor to encode the information for a user using the username and password for the user contained in the second store of information; and for the or each decoder not to be installed on a user's computer if an identical decoder is already installed on the computer.
  • a further feature of the invention provide for the at least one processor to interrogate a third store of information in which are recorded details of users who have already received a decoder and wherein the at least one processor does not attach a decoder to an e-mail message to a user where the user is recorded as having already received a decoder.
  • Figure 1 is a schematic diagram of a secure messaging system.
  • Confidential information for example monthly account statements, generated by the bank's computer system (4) is produced as individual files, or a single file and is stored in a first information store (5) together with necessary identification and addressing information.
  • the files stored at (5) are then sent to a secure server (8) using a secure file transfer protocol (9).
  • the files are parsed (13) into a format understood by the secure server.
  • the information in the files is formatted (14) to produce documents of a required type, such as HTML or Word.
  • a processor compresses the documents and then encodes the information (15) using a CBC encoded block cipher.
  • the encrypted document is padded with random data for more entropy and to reduce the likelihood of know-plaintext attacks.
  • the process may use any block cipher and key length but in this embodiment supports 112 bit and 168 bit Triple DES or 128 bit to 448 bit Blowfish block ciphers.
  • the key for the encryption is created from a SHA-1 or MD5 hash of the recipient's username and password, which is included in the data files (4). Any suitable character strings may however be used to form the key.
  • Each encoded file is then attached by the processor to an e-mail message (16) addressed to the relevant user (20) together with a decoder.
  • Each decoder is a small executable file that is capable of decrypting encoded files once properly installed on a computer.
  • Each decoder is further configured to be capable of being installed on a number of different software platforms. This avoids the problem of having to first determine the type of software platform being used by each user (20) and then sending a specific, and often different, decoder to each user (20).
  • the messages together with attachments are then sent via a bulk mailer (17) using Simple Mail Transfer Protocol (SMTP) to the users (20). Bounced mail (19) will be returned to the mail server (8) for reporting purposes.
  • SMTP Simple Mail Transfer Protocol
  • the decoder Once the e-mail message is received by a user (20), opening the message and executing the decoder (21) will cause the decoder attached to the message to automatically install itself on the user's computer if the user (20) does not already have a decoder.
  • the decoder could, however, also be configured to install automatically when the message is opened. As the size of the decoder is very small, about 43 kb in this embodiment, it is easy to send as an e-mail attachment and simple to manage by the user's computer.
  • the decoder Once the decoder is installed on the user's computer all encoded files attached to e-mail messages by the sender (2) will automatically invoke the decoder when they are opened (22). At this point, the user will be required to enter his username and password, which will be used to decode the message (24). If the username/password combination is correct the document is opened using the default viewer (25) for the documents, for example Word or Excel.
  • the system (1) enables secure messaging to occur through a simple yet highly effective process.
  • By attaching the decoder to an e-mail message it is unnecessary for the user to obtain a decoder by downloading from a communication network or any other means.
  • the size of the decoder does not impose a large overhead on the e-mail size in terms of bandwidth usage.
  • any suitable encoding can be used and the decoder need not be self-installing and could be installed through any convenient means.
  • the decoder could further be created prior to attachment to a message to decrypt information using a specific key thus obviating the need for the user to enter his password and username for each message. For security reasons, where such a decoder is used, it is desirable for the decoder to require these details prior to installing itself.
  • the decoder could be configured to remember a username and password after they have been entered once.
  • the decoder could also be attached to a separate message to the message that the encoded information is attached to.
  • a first store containing sets information to be encoded together with an identifier for each set
  • a second store containing the addressing details and username and password for each identifier.
  • the processor would obtain addressing details and encoding keys for the information in the first store from the second store of information.
  • a third store of information which could form part of the second store of information, could also be used to record whether a user already has a decoder installed on his computer or at least whether he has been sent one. This information could then be checked prior to sending encoded information with an e-mail message to determine whether it is necessary to attach a decoder to the message. Where a decoder is not attached to a message and the user requires one, for example where another computer is being used which does not have a decoder installed, a hyperlink could be provided to allow the user to access a website (secure or otherwise) to download the decoder. Alternatively a device could be provided on messages to automatically request a decoder to be sent to the user.
  • the functions of encoding information, attaching the information to a message, attaching a decoder to the message and sending the message may be performed by one or more processors. Where more than one processor is used the processors may each perform a specific task or may operate in parallel.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Resources & Organizations (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Operations Research (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un procédé de messagerie sécurisée qui consiste à envoyer un décodeur à un utilisateur sous forme de fichier joint à un message de courrier électronique. Ce décodeur peut être envoyé sous forme d'un fichier exécutable qui est installé sur l'ordinateur d'un utilisateur lorsque le fichier joint est ouvert dans le message électronique.
PCT/GB2001/004150 2000-09-15 2001-09-17 Messagerie securisee WO2002023785A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001287874A AU2001287874A1 (en) 2000-09-15 2001-09-17 Secure messaging

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0022724A GB0022724D0 (en) 2000-09-15 2000-09-15 Secure messaging
GB0022724.9 2000-09-15

Publications (2)

Publication Number Publication Date
WO2002023785A2 true WO2002023785A2 (fr) 2002-03-21
WO2002023785A3 WO2002023785A3 (fr) 2002-08-01

Family

ID=9899565

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/004150 WO2002023785A2 (fr) 2000-09-15 2001-09-17 Messagerie securisee

Country Status (3)

Country Link
AU (1) AU2001287874A1 (fr)
GB (1) GB0022724D0 (fr)
WO (1) WO2002023785A2 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002032044A2 (fr) * 2000-10-13 2002-04-18 Eversystems Inc. Messagerie a cle secrete
WO2006021830A1 (fr) * 2004-08-27 2006-03-02 Easecredit Releve de compte bancaire par courriel pour operations bancaires par internet effectuees par courriel et procede de production d'un releve de compte bancaire par courriel
EP1646194A1 (fr) * 2004-10-08 2006-04-12 Sagem Communication Procédé de production d'un accusé de réception fiable

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000049786A1 (fr) * 1999-02-19 2000-08-24 Messagemedia, Inc. Systeme et procede de cryptage de messages

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000049786A1 (fr) * 1999-02-19 2000-08-24 Messagemedia, Inc. Systeme et procede de cryptage de messages

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PRENEEL B: "State-of-the-art Ciphers for Commercial Applications" COMPUTERS & SECURITY. INTERNATIONAL JOURNAL DEVOTED TO THE STUDY OF TECHNICAL AND FINANCIAL ASPECTS OF COMPUTER SECURITY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 18, no. 1, 1999, pages 67-74, XP004154866 ISSN: 0167-4048 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002032044A2 (fr) * 2000-10-13 2002-04-18 Eversystems Inc. Messagerie a cle secrete
WO2002032044A3 (fr) * 2000-10-13 2003-01-09 Eversystems Inc Messagerie a cle secrete
US6728378B2 (en) 2000-10-13 2004-04-27 Eversystems Information Comircio Representagco, Importageo E Exportagco Ltda. Secret key messaging
WO2006021830A1 (fr) * 2004-08-27 2006-03-02 Easecredit Releve de compte bancaire par courriel pour operations bancaires par internet effectuees par courriel et procede de production d'un releve de compte bancaire par courriel
EP1646194A1 (fr) * 2004-10-08 2006-04-12 Sagem Communication Procédé de production d'un accusé de réception fiable
FR2876527A1 (fr) * 2004-10-08 2006-04-14 Sagem Procede de production d'un accuse de reception fiable

Also Published As

Publication number Publication date
WO2002023785A3 (fr) 2002-08-01
AU2001287874A1 (en) 2002-03-26
GB0022724D0 (en) 2000-11-01

Similar Documents

Publication Publication Date Title
US7634651B1 (en) Secure data transmission web service
JP4148979B2 (ja) 電子メールシステム、電子メール中継装置、電子メール中継方法及び電子メール中継プログラム
US8166299B2 (en) Secure messaging
US6442686B1 (en) System and methodology for messaging server-based management and enforcement of crypto policies
US20070172066A1 (en) Message security
US20030065941A1 (en) Message handling with format translation and key management
US20070118735A1 (en) Systems and methods for trusted information exchange
US20020172367A1 (en) System for secure electronic information transmission
US20040120525A1 (en) System and method for storage and retrieval of cryptographic keys
EP1145507A1 (fr) Acheminement securise de messages electroniques sur internet
AU2004203148A1 (en) Method for Strongly Encrypting .zip Files
US7660987B2 (en) Method of establishing a secure e-mail transmission link
WO2008050742A1 (fr) Système de transmission et de réception de messages électroniques
WO2004042537A2 (fr) Systeme et procede de securisation de messages numeriques
CN1783853B (zh) 密码邮件服务器设备
US6847719B1 (en) Limiting receiver access to secure read-only communications over a network by preventing access to source-formatted plaintext
US6968458B1 (en) Apparatus and method for providing secure communication on a network
EP1387239B1 (fr) Messagerie sécurisée
AU2005201621B2 (en) Transmission of secure electronic mail formats
JP2008134985A (ja) ネットワークシステム
US20020053019A1 (en) System, computer product and method for secure electronic mail communication
WO2002023785A2 (fr) Messagerie securisee
WO2000046952A1 (fr) Procede permettant d'envoyer un courrier electronique, de maniere sure, via un explorateur
US20080172470A1 (en) Method and a system for the secure exchange of an e-mail message
CN113407971B (zh) 一种基于html5技术的跨互联网文件安全分享方法与系统

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP