WO2005053254A1 - Secure message model - Google Patents

Info

Publication number
WO2005053254A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
email
storage system
key
user
Application number
PCT/GB2004/004906
Other languages
French (fr)
Inventor
Simon Freeman
Original Assignee
Simon Freeman
Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
            • H04L 51/21 Monitoring or handling of messages
              • H04L 51/222 Monitoring or handling of messages using geographical location information, e.g. messages transmitted or received in proximity of a certain spot or area

Abstract

A method and apparatus for sending a message such as an email from a first system to a second system over a network such as the Internet. A storage system which is preferably located at a remote location to the first and second system stores a plurality of encryption and corresponding decryption keys. The first system generates a message in an application program and communicates with the storage system. The message is encrypted using an encryption key provided by the storage system. A corresponding decryption key for decrypting the message is assigned to the message and stored in the storage system. On request for the decryption key by the second system, authentication is carried out by the storage system and after successful authentication the decryption key is provided to the second system.

Description

SECURE MESSAGE MODEL
The present invention relates to secure transmission of messages over a network. More particularly, the present invention relates to a system and method for securely transmitting and receiving messages such as electronic mail (e-mail) over a network such as the Internet.

Secure transmission of email has so far failed to emerge for day-to-day usage. The most common method for securing e-mail is to use public key infrastructure ("PKI"). The problem with PKI is that it requires the recipient and the sender to have digital certificates installed and that each person in the communication has access to the other's public key. This has proven difficult to achieve in practice: digital certificates are not commonly found on users' machines, and those that are available are difficult to use and have many interoperability issues. Finding out the recipient's certificate requires a directory, which on the whole requires proprietary software to access. Due to these issues there are almost no examples of widespread PKI email usage.

The other method of secure mail is to hold the mail in a "web mail" type system, where the user is notified and then retrieves the mail from a particular place via a web browser. This is inconvenient, as most people have their own email systems and addresses and would prefer to have all their communications in one place. It also requires a lot of infrastructure to maintain these systems.

Accordingly, one object of the present invention is to provide an improved model which offers secure transmission of messages such as email between a sender and an intended recipient.

To achieve this object, the present invention provides a method of sending a message between a first system and a second system over a network, the method including the step of causing the first system to consult a storage system and causing the message to be encrypted with a cryptographic key provided by the storage system prior to sending the message to the second system. The storage system is preferably located at a location remote from the first system and the second system and is capable of interacting with both the first system and the second system. Furthermore, the storage system stores a plurality of encryption and decryption keys and data relating to the originator of the message and the recipient of the message.

The present invention further provides a method of decrypting a message sent using the preferred method, comprising the steps of: a) receiving the encrypted message at the second user system; b) causing the second user system to consult the storage system in order to determine the decryption key assigned to the encrypted message; and c) decrypting the encrypted message.

An advantage of the present invention is that it enables the originator of a message to send the message to the recipient in a form where only the recipient can read it. In a preferred embodiment the message is an email, and the originator may be able to see that the mail has been received and read. Hence, neither the originator nor the recipient requires a digital certificate to carry out secure email communication.

In order that the present invention be more readily understood, an embodiment thereof will be described by way of example only with reference to the accompanying drawings, in which: Fig 1 shows a schematic diagram of a preferred embodiment of the present invention; and Fig 2 shows the email process according to a preferred embodiment of the present invention.

The preferred embodiment of the present invention relates to email communication, where the message being sent between a sender and a receiver is an email. However, it will be appreciated that the present invention is not limited to such an embodiment, and the present invention may be embodied in many other systems which relate to the exchange of messages.

Referring to Fig 1, there is shown a typical system which encompasses the present invention. A sender terminal 1 may be a computer terminal, PDA or any other type of similar equipment capable of connecting to a network such as the Internet. In this embodiment, the terminal 1 is a computer terminal of a user. The terminal 1 contains an email program capable of displaying emails.

For the present invention to operate, there are a number of possible modifications which may be carried out at the sender terminal. For example, the email program utilised by the sender may be modified such that either an application or a "plug-in" is installed in the program. Alternatively, the email itself may be modified to contain an application such as, for example, a Java applet or ActiveX control. Another possibility is that the email may contain additional scripting code. Any of these modifications is sufficient for the correct implementation of the preferred embodiment of the present invention. Advantageously, the modifications are relatively simple to achieve, and major changes to the computer system at the sender end or receiver end do not have to be made.

The preferred embodiment as shown in Fig 1 may be utilised to perform the secure transmission of the email in a number of ways. One way is that the originator 1 of the email sends an email via a secure link to a storage system 3 (hereinafter referred to as a "key exchange") which encrypts the email message (as described later) and forwards the encrypted email to the recipient using standard mail protocols. Another way is for the originator of the email to request a cryptographic encryption key for the email message from the key exchange 3 and have the modified email application (not shown) on the originator's terminal 1 encrypt the email message and send it over a network using standard email protocols. The basic principle is the same for both methods, but the description hereinafter is based on the second of these two methods. It will be appreciated that the preferred embodiment is capable of being used with either of these two methods.

The key exchange 3 stores a plurality of encryption and corresponding decryption keys. In addition, the key exchange 3 stores user account details and is capable of carrying out encryption if required. The encryption key used to encrypt an email message is not the same for every message. Instead, the key exchange 3 provides the sender with a key which differs for every message. In addition, the key can be of any type, to be used in any type of encryption. For example, the encryption type may be symmetric or asymmetric (such as PKI). When an encryption key is provided to a sender, the key exchange identifies the decryption key corresponding to the encryption key provided for that particular message and stores a unique identifier for that message and the email address of the recipient.

In this preferred embodiment, the email application on the sender's terminal 1 interacts with an SMTP server 4. The SMTP server 4 may belong to an Internet Service Provider (ISP) to which the email sender is subscribed, may be on the local machine of the sender, or may be in a company. The SMTP server 4 sends the email to the recipient's mail server 5, which may be an ISP POP3 server or a local mail server. It will be appreciated that any standard email protocol may be used. Moreover, the message, if not an email, may travel using any messaging protocol, as the message is encrypted and is not in a readable form when being transferred over a network.

It should be noted that the recipient's mail system 2 is configured in a similar manner to the sender terminal 1, such that the email program utilised by the receiver is modified by installing an application or plug-in which is capable of consulting the key exchange 3. This consultation may take place automatically or may require the recipient to prompt it. Alternatively, rather than using a modified application or plug-in, the email message itself may be scripted in such a way that it includes a header which causes a consultation with the key exchange to occur.

Upon receipt, an email application on the recipient's mail system 2 will ask the recipient for their user identification and password for their key exchange account, the unique message identifier (which is not encrypted) and their email address. It is possible for some of these requirements to be generated automatically. The email application will then provide these details to the key exchange 3 over a secured link such as server-side SSL (Secure Sockets Layer). The details are provided by making a call to the key exchange 3 using a suitable protocol, which may be LDAP (Lightweight Directory Access Protocol), https (hypertext transfer protocol, secure) or SOAP (Simple Object Access Protocol). Once a connection is established, the details are checked at the key exchange and, if correct, the decryption key for that message is returned to the email message recipient.

It is important to note that the encryption key is preferably only used for a particular message. However, it may be possible for the encryption key to be reused for another message which uses the key exchange, but as the encryption key is generated at the key exchange from a considerably large number of keys, there would be very little benefit for a potential hacker in keeping or intercepting the keys. In addition, it is preferable to vary the encryption type so that even in the unlikely event of the key being intercepted, the hacker would be faced with the potentially difficult task of establishing the type of encryption.

Figure 1 also shows a possible modification which may be incorporated into the system. The key exchange 3 can track the fact that the recipient 2 has correctly requested the decryption key for that message and, if necessary, email the originator to inform them that the message has been successfully received by the recipient. One possible method of communicating this would be to send the email from the key exchange 3 to the sender 1 via an ISP POP3 server or local mail server 6. Furthermore, it is possible for the recipient of the email, when requesting the decryption key from the key exchange, to also request authentication of the sender's details.

The preferred embodiment will now be described with reference to Fig 2, which shows the email process for achieving secure messaging when utilising the present invention. The sender composes a message (100) and the sender's email application generates a unique ID for that message (101). The sender enters his key exchange user ID and password into the application (102), and the application requests a key by sending the user ID and password, the sender's email address, the unique ID for the message, and the recipient's email address to the key exchange (103). It will be appreciated that other credentials, instead of or in addition to the user ID and password, may be used to identify the sender. For example, a smart card or certificate may be utilised. The key exchange authenticates the sender's request (104) and, if successful, supplies a key for encrypting the message to the sender's email application (105). The sender's email application encrypts the message using the key (106) and discards the key from the sender's system. Preferably, both the unencrypted message and the encrypted version of the email message are placed in the sent folder of the email application. The key exchange stores the decryption key corresponding to the encryption key provided to the sender, the unique message ID, the recipient's email address and the sender's email address securely in its system (107). The encrypted email message is then sent to the receiver using a standard email protocol (108).

When the recipient collects the mail from their mailbox, the recipient's modified email application locates the receiver's key exchange user ID and password (109). This is achieved either by prompting the recipient to enter this information or by locating the information in a stored location on the recipient's system. This information, along with the sender's email address, the unique message code and the recipient's email address, is sent to the key exchange as a request for the decryption key (110). The key exchange authenticates the request (111) and, if successful, returns the decryption key to the recipient's email application (112). The email message is then decrypted (113).

A modification may be made to the above process such that the sender of the email may request an indication that the recipient has successfully received and decrypted the sent email message. If so, the key exchange will notify the sender that successful transmission of the email has occurred. It will be appreciated that the above process can also be carried out where the email message contains attachments. As already mentioned, the present invention is not limited to email communication but may be applied to other types of communication.
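The Fig 2 process, steps (100) to (113), modelled end to end as an added example; this is not code from the patent or from the inventor. The key exchange is a class that holds user accounts and one key record per message, the sender and recipient are plain function calls, and the cipher (a SHA-256 counter-mode keystream with an HMAC tag, encrypt-then-MAC) stands in for whatever cipher the key exchange would select, since the patent leaves the cipher open. The symmetric case of claim 6 is shown, so the decryption key handed back in step (112) is the same key minted in step (105). Every account, address, password and message body is constructed for the example, and the names (`KeyExchange`, `request_encryption_key`, `request_decryption_key`, `run_exchange`) are assumptions, not an API the page describes.

```python
# Added example, not the patent's code: a minimal model of the Fig 2 flow (100)-(113).
# The cipher (SHA-256 keystream XOR + HMAC tag) stands in for whatever cipher the
# key exchange would pick; every name, account and message below is constructed.
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:   # counter-mode keystream from a hash (stand-in cipher)
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Step (106): encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Step (113): check the tag first so a wrong key or an altered body is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch: wrong key or altered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KeyExchange:
    """The storage system 3: user accounts plus one key record per message (107)."""

    def __init__(self) -> None:
        self._accounts = {}      # user id -> (salt, password hash, account email)
        self._messages = {}      # message id -> {key, sender, recipient, collected}
        self.notifications = []  # (sender email, message id): read receipts

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id: str, password: str, email: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[user_id] = (salt, self._hash(password, salt), email)

    def _authenticate(self, user_id: str, password: str, email: str) -> bool:
        # The password must match the account AND the email claimed in the request.
        acct = self._accounts.get(user_id)
        if acct is None:
            return False
        salt, digest, acct_email = acct
        return hmac.compare_digest(digest, self._hash(password, salt)) and acct_email == email

    def request_encryption_key(self, user_id, password, sender, message_id, recipient) -> bytes:
        """Steps (103)-(105), (107): authenticate the sender, mint and record a fresh key."""
        if not self._authenticate(user_id, password, sender):
            raise PermissionError("sender authentication failed")
        if message_id in self._messages:
            raise ValueError("message id already in use")
        key = secrets.token_bytes(32)
        self._messages[message_id] = {"key": key, "sender": sender, "recipient": recipient, "collected": False}
        return key  # symmetric case (claim 6): the decryption key is this same key

    def request_decryption_key(self, user_id, password, sender, message_id, recipient) -> bytes:
        """Steps (110)-(112): release the key only to the recipient recorded for this message."""
        if not self._authenticate(user_id, password, recipient):
            raise PermissionError("recipient authentication failed")
        rec = self._messages.get(message_id)
        if rec is None or rec["sender"] != sender or rec["recipient"] != recipient:
            raise PermissionError("no key held for this message/sender/recipient triple")
        rec["collected"] = True
        self.notifications.append((rec["sender"], message_id))  # optional receipt to sender
        return rec["key"]


def run_exchange() -> dict:
    """Walk one constructed message through the flow and report what each party got."""
    kx = KeyExchange()
    kx.register("alice", "alice-pw", "alice@example.com")
    kx.register("bob", "bob-pw", "bob@example.com")
    kx.register("mallory", "mallory-pw", "mallory@example.com")  # valid account, not the recipient
    body, message_id = b"Quarterly figures attached.", secrets.token_hex(16)  # (100), (101)
    key = kx.request_encryption_key("alice", "alice-pw", "alice@example.com", message_id, "bob@example.com")
    wire = encrypt(key, body)  # (106)
    del key                    # the sender discards the key after encrypting
    email = {"from": "alice@example.com", "to": "bob@example.com", "x-id": message_id, "body": wire}  # (108)
    try:  # an authenticated user who is not the recorded recipient gets nothing
        kx.request_decryption_key("mallory", "mallory-pw", email["from"], email["x-id"], "mallory@example.com")
        impostor_rejected = False
    except PermissionError:
        impostor_rejected = True
    dk = kx.request_decryption_key("bob", "bob-pw", email["from"], email["x-id"], email["to"])  # (109)-(112)
    return {"recovered": decrypt(dk, email["body"]),    # (113)
            "impostor_rejected": impostor_rejected,
            "notified_sender": kx.notifications[0][0]}
```

Two points the model makes visible that the prose only implies. First, the message identifier travels in the clear and is not a secret: what gates the decryption key in step (111) is the recipient's credentials together with the sender/recipient/message-id triple the key exchange recorded in step (107), which is why `mallory`, who holds a perfectly valid account, is refused. Second, the tag check in `decrypt` is what turns "not in a readable form" into "detectably altered" for a message that crosses untrusted mail servers; the patent text speaks of confidentiality only, so treat that check as an addition of the example rather than a feature the page claims.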

Claims

1. A method of sending a message between a first user system and a second user system over a network, the method including the steps of a) generating the message by the first user in a first user application program; b) causing the first system to consult with a storage system capable of providing cryptographic keys; c) causing the message to be encrypted using the cryptographic key provided by the storage system; and d) sending the encrypted message to the second user system.
2. The method according to claim 1 wherein the storage system is located at a remote location to the first user system and the second user system.
3. The method according to claim 1 or 2 wherein step b) includes checking whether the first user system is registered with the storage system.
4. The method according to claim 1, 2 or 3 wherein authentication details include a unique identifier randomly generated by the application program of the first user system to identify the message.
5. The method according to any of claims 1 to 4 wherein the storage system provides a plurality of cryptographic keys; and wherein a unique cryptographic key is assigned to the message by the storage system in step b); and a corresponding decryption key is assigned to the message and stored in the storage system for use in the decryption of the encrypted message.
6. The method according to claim 5, wherein the cryptographic key is the same as the decryption key.
7. The method according to claim 5, wherein the cryptographic key differs from the decryption key.
8. The method according to any one of the preceding claims wherein the message is an email.
9. The method according to any one of the preceding claims wherein the network is the Internet.
10. A method of decrypting an encrypted message sent using the method according to any one of the preceding claims, comprising the steps of: a) receiving the encrypted message at the second user system; b) causing the second user system to consult the storage system in order to determine a decryption key assigned to the encrypted message; and c) decrypting the encrypted message.
Application PCT/GB2004/004906, priority date 2003-11-24, filing date 2004-11-19: Secure message model (WO2005053254A1, en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0327278.8 2003-11-24
GBGB0327278.8A GB0327278D0 (en) 2003-11-24 2003-11-24 Secure message model

Publications (1)

Publication Number Publication Date
WO2005053254A1 true WO2005053254A1 (en) 2005-06-09

Family

ID=29764330

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2004/004906 WO2005053254A1 (en) 2003-11-24 2004-11-19 Secure message model

Country Status (2)

Country Link
GB (1) GB0327278D0 (en)
WO (1) WO2005053254A1 (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030074552A1 (en) * 2000-04-25 2003-04-17 Secure Data In Motion Security server system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES, OORSCHOT, VANSTONE: "Handbook of Applied Cryptography", 1997, CRC PRESS SERIES ON DISCRETE MATHEMATICS AND ITS APPLICATIONS, BOCA RATON, FL, US, ISBN: 0-8493-8523-7, XP002313428 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008116060A1 (en) * 2007-03-20 2008-09-25 Dmvich Software, Llc Secure electronic messaging system requiring key retrieval for deriving decryption key
JP2010522488A (en) * 2007-03-20 2010-07-01 デムヴィッチ ソフトウェア,リミテッド ライアビリティー カンパニー Secure electronic messaging system requiring key retrieval to distribute decryption key
US8127367B2 (en) 2007-03-20 2012-02-28 Dmvich Software, Llc Refreshing software licenses
EP2323306A1 (en) * 2009-11-17 2011-05-18 Thales Secured data transmission method and encryption and decryption system enabling such a transmission
FR2952778A1 (en) * 2009-11-17 2011-05-20 Thales Sa SECURE DATA TRANSMISSION METHOD AND ENCRYPTION AND ENCRYPTION SYSTEM FOR SUCH TRANSMISSION
CN104537516A (en) * 2014-11-21 2015-04-22 北京国信冠群技术有限公司 System and method for novel E-mail system for limiting read only of mail attachment
GB2540138A (en) * 2015-07-02 2017-01-11 Ketheeswaran Gopalan Method of exchanging digital content

Also Published As

Publication number Publication date
GB0327278D0 (en) 2003-12-24

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase