METHOD AND DEVICES FOR SECURE TRANSMISSION OF ELECTRONIC MESSAGES
Technical field
The present invention relates to a method for the secure transmission of electronic messages via a telecommunication network and to apparatuses suitable for this purpose. The invention relates in particular to a method and suitable apparatuses for the secure transmission of electronic messages, such as "electronic mails" (e-mails), via a telecommunication network, the electronic messages being encrypted and decrypted.
Prior art
To protect the interchange of electronic messages such as e-mail, methods are used to encrypt the content of the e-mails. Currently, primarily two types of methods for interchanging encrypted electronic messages with external partners are used, the "public key method" (see figure 1) and a method which is based on "courier service systems" (see figure 2).
The public key method involves the e-mail being encrypted by the sender using a public key belonging to the receiver, and being decrypted again by the receiver using the latter's private key (secret key). As figure 1 illustrates, the public key method may be executed in companies using a central e-mail encryption gateway 12, so that the individual employees have nothing to do with the key management and encryption. As can be seen from figure 1, in step S11 of the public key method the external partner 14 sends his public key to an internal employee 11, or to the e-mail encryption gateway 12, where it is stored in a key database either manually or automatically. When an e-mail is sent from the internal employee 11 to the external partner 14 in step S12, the e-mail is automatically encrypted by the e-mail encryption gateway 12 using the stored public key belonging to the external partner 14. In addition, the encryption may be made conditional on the e-mail satisfying defined criteria. In step S13, the encrypted e-mail is transmitted from the e-mail encryption gateway 12 to the external partner 14. The external partner 14 receives the encrypted e-mail and decrypts it in the decryption module 15 using the private key which only the external partner knows, thereby rendering the e-mail readable again. The decryption module 15 may be implemented in software or in hardware.
The two best known public key methods are OpenPGP (the standardized form of PGP, Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), for which there is an array of solutions and plugins.
A fundamental drawback of the public key methods is that the receiver has to install special supplementary modules, typically software programs, software subprograms and cryptographic keys and/or certificates, on his terminal and needs to operate or use these supplementary modules in the correct manner. This firstly entails a certain level of complexity, and secondly assumes that the receiving communication partner has certain technical capabilities and knowledge, which he does not necessarily have. In addition, many communication partners do not even have the authorization to install such supplementary modules on their system.
Courier service systems or courier services are provided either as subsystems of e-mail encryption gateways or as individual solutions or as services via the Internet. As figure 2 shows in schematic form, in step S21 of such solutions the sender 21 sends the e-mail to the courier service system 22 in unencrypted form. The e-mail may be sent in this manner using a normal e-mail program or using an integrated webmail system. The courier service system 22 stores and buffers the received e-mail 221 either in unencrypted form or in a form encrypted using a secret key. As can be seen in figure 2, the courier service system 22 provides a new second e-mail 23, typically in HTML format, and transmits it to the receiver 24 in step S23. The new second e-mail 23 comprises a "hyperlink" 231 to the courier service system 22. When the receiver 24 clicks on this hyperlink 231 in his e-mail program, a web browser window opens, for example within the e-mail program, in step S24 and a web page appears which requires the receiver 24 to type in a password which he has obtained previously in a different way, for example by telephone. When the password has been typed in, the courier service system 22 shows the receiver 24 the e-mail, which is buffer-stored in the courier service system 22, in the web browser or, depending on the file type, in a display program provided for it, in step S25. The connection between the browser belonging to the receiver 24 and the courier service system 22 is secured, that is to say encrypted, using SSL (Secure Sockets Layer), so that an intermediary cannot intercept and read the e-mail message in transit.
Courier service systems do not have the drawback of the public key methods, because the communication partner does not need to install a program or certificate. The communication partner can simply use a hyperlink to set up a connection to a web server, which most e-mail programs today are already set up to do.
However, courier service systems have drawbacks regarding mail management. Courier service systems use the web protocol HTTP(S) (Hypertext Transfer Protocol (Secure)) and not e-mail protocols, that is to say that the e-mail is uploaded (securely) to a web server, is stored there and is downloaded again. Only the hyperlink for accessing this web page is sent by e-mail. Hence, the e-mail in courier service systems is stored not with the receiver 24 but rather in the courier service system 22, for example on a web server in the courier service system 22. The receiver 24 is therefore not able to manage, move, copy, delete, back up etc. the e-mail in his e-mail program. The receiver 24 must either manage the e-mail on the web server in the courier service system 22 or must download it and store it locally on his hard disk. The operators of the courier service system, typically the sender's company, are therefore confronted with the storage of all e-mails to the communication partners. This forces the operators to maintain a very large infrastructure, and/or they must delete the e-mails again after a certain time. Deleting a buffer-stored e-mail means that the communication partner is no longer able to read this e-mail, even if the e-mail with the hyperlink is still in his inbox.
Description of the invention
It is an object of the present invention to propose a new method for the secure transmission of electronic messages via a telecommunication network, and apparatuses suitable for this purpose, which do not have the drawbacks of the prior art.
In line with the present invention, these objectives are achieved, in particular, by the elements of the independent claims. In addition, other advantageous embodiments can be found in the dependent claims and in the description.
The aforementioned objectives are achieved by the present invention particularly by virtue of a first electronic message, for example an e-mail, which is intended to be transmitted securely via a telecommunication network, for example via the Internet, being encrypted in an encryption system, and by virtue of a second electronic message being provided in the encryption system, where the second electronic message comprises a content in the format of a text markup language. In this case, the encrypted first electronic message is added to the content of the second electronic message, for example hidden in form fields in the text markup language. The text markup language is HTML (Hypertext Markup Language) or XML (Extensible Markup Language), for example. The second electronic message which is provided is transmitted via the telecommunication network to the reception apparatus to which the first electronic message is addressed, for example to a communication terminal or to a personal computer. The encrypted first electronic message is transmitted back from the reception apparatus to the encryption system via the telecommunication network. The encrypted first electronic message received via the telecommunication network is decrypted in the encryption system and is transmitted from the encryption system to the reception apparatus using a secure connection, for example using an SSL connection, for the purpose of display. Advantageously, the transmission of the encrypted first electronic message packed in a second electronic message and the automatic feedback of the encrypted first electronic message to the encryption system permit secure transmission of the first electronic messages via a telecommunication network without the need to equip the reception apparatus with additional special modules for decryption and without the user of the reception apparatus needing to concern himself with aspects of the decryption.
Furthermore, the transmission of the encrypted first electronic message packed in a second electronic message to the reception apparatus permits the receiver to manage the second electronic message, with the encrypted first electronic message it contains, in the reception apparatus, that is to say the first electronic message does not need to be stored, managed and, after a certain time, deleted in the encryption system.
Preferably, an activation element which can be operated by the user, for example a "button" or an icon, is added to the content of the second electronic message, and the content of the second electronic message is fashioned such that, in response to operation of the activation element, the encrypted first electronic message is transmitted from the reception apparatus to the encryption system using the secure connection via the telecommunication network. Embedding the activation element which can be operated by the user into the second electronic message permits extremely simple control by the user, who activates the desired decryption of the encrypted first electronic message with a single operation.
Preferably, the content of the second electronic message is set up as a feedback form with form fields, and the encrypted first electronic message is added secretly to form fields in the feedback form, for example to an HTML page which has been set up as a feedback form. In this way, the encrypted first electronic message is hidden in the feedback form. In this case, any attachments to the first electronic message are added in respectively encrypted form to separate form fields. The encrypted first electronic message is then transmitted to the encryption system by transmitting the contents of the form fields from the reception apparatus to the encryption system. In addition, provision of the second electronic message in the form of a feedback form involves address information for the encryption system being added to the content of the second electronic message. Transmitting the encrypted first electronic message hidden in form fields in a feedback form permits extremely simple interchange of the electronic messages between the encryption system and the reception apparatus, which can be performed by conventional e-mail programs in the reception apparatus, so that the reception apparatus does not need to be equipped with additional special modules.
Besides the method for secure transmission of electronic messages via a telecommunication network, the present invention also relates to a suitable computer-based encryption system for the secure transmission of electronic messages via a telecommunication network and to a computer program product having suitable computer program code means for controlling one or more processors in a computer for the secure transmission of electronic messages via a telecommunication network.
Brief description of the drawings
An embodiment of the present invention is described below with reference to an example. The example of the embodiment is illustrated by the following appended figures:
figure 1 shows a block diagram which schematically illustrates the sequence in the public key method known from the prior art for the secure transmission of electronic messages via a telecommunication network.
figure 2 shows a block diagram which schematically illustrates the sequence in the courier service systems known from the prior art for the secure transmission of electronic messages via a telecommunication network.
figure 3 shows a block diagram which schematically illustrates the sequence between the computer-based encryption system and a reception apparatus in the case of an example of the inventive secure transmission of electronic messages via a telecommunication network.
figure 4 shows a flowchart which schematically illustrates the method sequence in the case of an example of the inventive secure transmission of electronic messages via a telecommunication network.
Ways of implementing the invention
Figure 3 schematically illustrates an encryption system 32 which comprises one or more computers having one or more respective processors. The encryption system 32 comprises a plurality of functional modules which are preferably in the form of programmed software modules and which control the processor(s) in the encryption system such that the function of the functional module in question is performed by the processor(s). The programmed software modules each comprise computer program code means which are stored on a computer-readable medium 322. The person skilled in the art will understand that the functional modules may also be designed in part or in full using hardware.
The encryption system 32 comprises a communication module 321 for the interchange of electronic messages, such as e-mails, via a telecommunication network 35, for example the Internet and/or a mobile radio network, with the reception apparatus 34 shown in figure 3.
As figure 3 schematically indicates, step S1 involves an e-mail 311 being transferred from a sender apparatus 31 to the encryption system 32. The e-mail 311 may also be generated in a computer in the encryption system 32. Instead of storing the e-mail 311, as in the known courier service systems, and integrating a hyperlink to this e-mail into a second new HTML e-mail, the encryption system 32, or the functional module in question, encrypts the e-mail 311 and integrates the encrypted e-mail 331 into an HTML e-mail 33, as illustrated schematically in figure 3. That is to say that no link to the e-mail 311 is added to the HTML e-mail 33 but rather the entire encrypted e-mail 331. The HTML e-mail 33 is provided by the encryption system 32 as an e-mail whose content has the format of the text markup language HTML. The content of the e-mail 33 is set up, in particular, as an HTML page of the kind normally used as a feedback form on web pages (e.g. <form action="https://www.servername.com/xxx.cgi" method="POST">). The encrypted e-mail 331 is added secretly to one or more form fields in the HTML content of the e-mail 33 (e.g. <input type="HIDDEN" name="field 1" value=" ">) by the encryption system 32, so that the encrypted e-mail 331 is hidden in the HTML content. If the e-mail 311 has attachments, then these are each added separately to different form fields in the HTML content of the e-mail 33. In addition, the HTML content of the e-mail 33 is provided with a form field as an input field for the input of a password or access code by the user (e.g. password: <input type="PASSWORD" name="password">). Furthermore, address information for the encryption system 32 is added to the HTML content of the e-mail 33 (e.g. https://www.servername.com/xxx.cgi). Finally, an activation element which can be operated by the user is added to the HTML content of the e-mail 33 (e.g. <input type="SUBMIT" value="Click here to decrypt">).
The HTML e-mail 33 provided is then transmitted in step S9 from the encryption system 32 via the telecommunication network 35 to the reception apparatus 34, where, as usual, it is stored in conventional fashion in or by the reception apparatus's e-mail program. When the receiver, that is to say the user of the reception apparatus 34, wishes to read the content of this e-mail, he inputs his password into the form field provided for this purpose and operates the activation element, that is to say he clicks on the button in the HTML e-mail 33. In response to operation of the activation element, in step S11 the e-mail program in the reception apparatus 34 creates a secure connection, in our example an SSL connection, to the encryption system 32 determined by the aforementioned address information, in conventional fashion on the basis of the HTML instruction in the HTML content of the e-mail 33 (action = https), and uploads the password which has been input and the e-mail 331 hidden in encrypted form in the form fields to the encryption system 32. If the password is correct, the encryption system 32 decrypts the encrypted e-mail 331 received via the secure connection and, in step S14, transmits the decrypted e-mail 311 using the secure connection for the purpose of display in a browser window on the reception apparatus 34 or, depending on the file type of the attachment, in a display program provided for this purpose on the reception apparatus 34. The user of the reception apparatus 34 notices only that he clicks on the button and that the e-mail 311 appears in readable form in the browser window, or in the display program.
The e-mail 311 is thus packed secretly (hidden) into another e-mail 33, specifically such that clicking on the HTML button in the e-mail 33 uploads the encrypted e-mail 331 automatically to the encryption system 32, decrypts it there and displays it in a browser window on the reception apparatus 34.
As shown schematically in the flowchart in figure 4, the method sequence is initiated in step S1 through the transmission of an e-mail 311 from a sender apparatus 31 to the encryption system 32.
In step S2, the e-mail 311 is accepted by the encryption system 32.
In step S3, the encryption system 32 examines whether a key for the encryption method has already been provided for the receiver (addressee) of the e-mail 311.
If a key has not yet been provided for the receiver, then a key is generated in step S4 and is stored in the encryption system 32 in association with the receiver in question.
In step S5, the receiver is sent a password or access code, for example by telephone, which is indicated in figure 4 by the arrow S5'.
In step S6, the encryption system 32 splits the e-mail 311 into its individual parts, if necessary, by separating any attachments from the e-mail 311.
In step S7, the encryption system 32 encrypts the e-mail 311, that is to say the individual parts of the e-mail 311, including the content of the e-mail 311 and the attachments to the e-mail 311 which have been separated in step S6, are encrypted.
In step S8, the encryption system 32 adds the encrypted e-mail 331 secretly to HTML form fields in the HTML e-mail 33 described above, in which case the parts of the e-mail 311 which have been encrypted in step S7 are respectively added to separate HTML form fields. As described above, the encryption system 32 also adds the form field as the input field for inputting the password or the access code, the address information for the encryption system 32 and the activation element which can be operated by the receiver to the HTML content of the e-mail 33.
In step S9, the encryption system 32 transmits the HTML e-mail 33 provided in step S8 with the encrypted e-mail 331 via the telecommunication network 35 to the reception apparatus 34, where it is stored in the e-mail program.
In step S10, the receiver opens the HTML e-mail 33 in the e-mail program on the reception apparatus 34, inputs the password transmitted in step S5 into the form field provided as input field and operates the activation element in the HTML e-mail 33.
In step S11, the e-mail program on the reception apparatus 34 creates the secure connection to the encryption system 32 and transmits the password which has been input and the e-mail 331 encrypted in hidden form in the form fields to the encryption system 32. In this case, the HTML e-mail 33 with the encrypted e-mail 331 remains stored in the reception apparatus 34 for use again later.
In step S12, the encryption system 32 checks whether the password received is correct, that is to say the received password is compared with a password which is associated with the user to whom the e-mail 311 or the HTML e-mail 33 is addressed. If the password is incorrect, the encryption system 32 transmits an error message to the e-mail program on the reception apparatus 34.
If the password is correct, the encryption system 32 decrypts the encrypted e-mail 331 received, that is to say the encrypted parts of the e-mail 311 which have been added to the HTML e-mail 33 in step S8, in step S13.
In step S14, the encryption system 32 displays the decrypted e-mail 311, that is to say the unencrypted parts of the e-mail 311, in a browser window on the reception apparatus 34 and/or, depending on the file type of the attachment, in a display program provided for this purpose on the reception apparatus 34 using the secure connection created in step S11. That is to say that the encryption system 32 transmits the decrypted e-mail 311, or the unencrypted parts of the e-mail 311, to the reception apparatus 34 using the secure connection for the purpose of display in a browser window and/or in a display program.
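The following worked example is added by the editor and is not part of the patent's own disclosure. It carries steps S3 to S14 through in Python: the encryption system 32 provisions one key and one password per receiver, encrypts the body and each attachment separately, hides them in form fields of the HTML e-mail 33 together with the password field, the address information and the activation element, and later verifies the POSTed password and decrypts the hidden fields. The patent does not name a cipher; the HMAC-SHA256-based encrypt-then-MAC construction below is a stand-in for a standard authenticated cipher such as AES-GCM. The CGI URL, the sample e-mail, the `rcpt` field that tells the server which receiver's key and password to use, and the salted PBKDF2 hashing of the stored password are assumptions of this example.

```python
"""Encryption system 32, steps S3-S14 (added example, not the patent's code).
The HMAC-based cipher is a stand-in for a real AEAD; the names, the URL and
the sample e-mail are assumptions."""
import base64
import hashlib
import hmac
import html
import os
import re
from urllib.parse import parse_qs, urlencode

ACTION_URL = "https://www.servername.com/xxx.cgi"   # assumed address information
_receivers = {}   # receiver address -> key and salted password hash (steps S3-S5)


def provision(address, password):
    """Steps S4/S5: generate the receiver's key; store the password only as a
    salted PBKDF2 hash (the clear password reaches the receiver by telephone)."""
    salt = os.urandom(16)
    _receivers[address] = {
        "key": os.urandom(32),
        "pw_salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
    }


def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256 used as a PRF (stand-in cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _encrypt(key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || HMAC tag, base64 for a form field.
    nonce = os.urandom(16)
    ks = _keystream(hashlib.sha256(b"enc" + key).digest(), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(hashlib.sha256(b"mac" + key).digest(), nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode()


def _decrypt(key, token):
    raw = base64.b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    want = hmac.new(hashlib.sha256(b"mac" + key).digest(), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication tag mismatch")
    ks = _keystream(hashlib.sha256(b"enc" + key).digest(), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def build_html_mail(address, body, attachments):
    """Steps S6-S8: body and each attachment encrypted separately and hidden in
    their own form fields; password field, action URL and button added."""
    key = _receivers[address]["key"]
    fields = [("rcpt", address), ("body", _encrypt(key, body))]
    fields += [("att_" + name, _encrypt(key, data)) for name, data in attachments]
    hidden = "\n".join(
        '<input type="hidden" name="%s" value="%s">' % (html.escape(n), html.escape(v))
        for n, v in fields)
    form = ('<form action="%s" method="POST">\n%s\n'
            'password: <input type="password" name="password">\n'
            '<input type="submit" value="Click here to decrypt">\n</form>')
    return form % (ACTION_URL, hidden)


def submit_form(html_mail, password):
    """Step S11 as the receiver's e-mail program performs it: gather the hidden
    fields and the typed password into an application/x-www-form-urlencoded body."""
    pairs = re.findall(r'<input type="hidden" name="([^"]*)" value="([^"]*)">', html_mail)
    pairs = [(html.unescape(n), html.unescape(v)) for n, v in pairs]
    return urlencode(pairs + [("password", password)])


def handle_post(form_body):
    """Steps S12-S14: constant-time password check, then decrypt every hidden
    part; returns (status, {field: plaintext}) and no plaintext on any failure."""
    form = parse_qs(form_body, keep_blank_values=True)
    rec = _receivers.get(form.get("rcpt", [""])[0])
    if rec is None:
        return "error: unknown receiver", {}
    got = hashlib.pbkdf2_hmac("sha256", form.get("password", [""])[0].encode(),
                              rec["pw_salt"], 100_000)
    if not hmac.compare_digest(got, rec["pw_hash"]):
        return "error: wrong password", {}
    parts = {}
    for name, values in form.items():
        if name in ("rcpt", "password"):
            continue
        try:
            parts[name] = _decrypt(rec["key"], values[0])
        except ValueError:          # binascii.Error (bad base64) is a ValueError too
            return "error: tampered field " + name, {}
    return "ok", parts


if __name__ == "__main__":
    provision("partner@example.com", "s3cret-by-phone")          # constructed sample
    mail = build_html_mail("partner@example.com", b"Quarterly figures attached.",
                           [("report.txt", b"Q3 revenue +4%")])
    print(handle_post(submit_form(mail, "s3cret-by-phone")))
```

submit_form() stands in for the receiver's e-mail program in step S11; in practice this depends on the e-mail client executing an HTML form at all, and widely used clients strip or block form submission from messages, in which case the same server-side handling has to be reached through a web page as in the courier service systems. handle_post() compares the password hash with hmac.compare_digest so that the comparison leaks no timing information, and returns no plaintext at all if any field's authentication tag fails, which is the check a practitioner would add to step S12 before anything is decrypted in step S13.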
It should be noted that, in one variant embodiment, the user may also first be asked to input the password, or access code, by the encryption system 32. In addition, activation of the transmission of the encrypted e-mail 331 from the reception apparatus 34 to the encryption system 32 may, in one variant embodiment, also be triggered independently of the operation of an activation element, for example automatically by program code in the HTML e-mail 33, for example by JavaScript. Also, the encrypted e-mail 331 may, in one variant embodiment, be transmitted via the telecommunication network 35 from the reception apparatus 34 to the encryption system 32 over a non-secure connection, for example triggered by the aforementioned program code. In the latter case, the secure connection is first created by the encryption system 32 for transmitting the decrypted e-mail 311 to the reception apparatus 34. Finally, it is also possible for steps S2 to S9 to be performed in a first computer in the encryption system 32, for the key generated in step S4 to be transmitted from the first computer to a second computer in the encryption system 32, for the e-mail program on the reception apparatus 34 to create the secure connection to the second computer in the encryption system 32 in step S11 and to transmit the password which has been input and the encrypted e-mail 331 to the second computer in the encryption system 32, and for steps S12 to S14 to be performed by the second computer in the encryption system 32.
Although the solution is technically completely different, the proposed solution has a similar effect for the receiver as the courier service system. He simply needs to click on a button, instead of a link, in order to read the e-mail. However, the proposed solution provides significant advantages over courier service systems. The user of the reception apparatus 34 (receiver) can manage the e-mail using his e-mail program. Although the e-mail 311 has been stored in encrypted form and embedded in the HTML e-mail 33, it is still a normal e-mail with content. The receiver is thus able to copy, move, back up, delete etc. the HTML e-mail 33 with its entire content. He can thus manage the e-mail 33 in his familiar environment. In addition, the sender, or the encryption system 32, does not need to buffer-store all e-mails which have been transmitted to the communication partners. For each communication partner, it is necessary to store and manage only one key and the password on the encryption system 32, regardless of how many e-mails are sent to this partner. Hence, the problem of deleting the e-mails after a certain time does not arise either. The communication partner is able to read his e-mails until the sender, or the encryption system 32, deletes the key. Finally, the proposed method also affords a higher level of security than a courier service system. This is because in the courier service system the password alone can be used to read all stored e-mails from a particular sender, whereas in the proposed solution a user not only needs to know the password but also needs to be in possession of the encrypted e-mail in order to read it.
The proposed solution has the advantage over the public key method that the communication partner does not need to install any software, any plugin, any certificate or any key on his system and he nevertheless has the opportunity to read encrypted e-mails. In addition, the proposed solution has the advantage over public key methods that the sender can automatically be sent confirmation of receipt.