WO2017116260A1 - Systems and methods for implementing secure email communications - Google Patents

Publication number
WO2017116260A1
WO2017116260A1 PCT/RU2015/000938 RU2015000938W WO2017116260A1 WO 2017116260 A1 WO2017116260 A1 WO 2017116260A1 RU 2015000938 W RU2015000938 W RU 2015000938W WO 2017116260 A1 WO2017116260 A1 WO 2017116260A1
Authority
WO
WIPO (PCT)
Prior art keywords
email
message
computer
message contents
server
Prior art date
Application number
PCT/RU2015/000938
Other languages
French (fr)
Inventor
Yury Alexandrovich VETROV
Original Assignee
Limited Liability Company Mail.Ru
Priority date
Filing date
Publication date
Application filed by Limited Liability Company Mail.Ru
Priority to PCT/RU2015/000938
Publication of WO2017116260A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21 Monitoring or handling of messages
    • H04L51/224 Monitoring or handling of messages providing notification on incoming messages, e.g. pushed notifications of received messages
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the aforesaid PIN-code may be a common mobile device PIN-code for access to the mobile applications, a user's touch ID, or a special PIN-code that the user may provide to all recipients of the secure email communications.
  • the described solution allows one to integrate encryption into any email client without the need to process information on the email server 102. Therefore, no changes to the email server 102 are needed to implement the described functionality, as email clients 101 and 104 handle the encryption aspects of the communication. In addition, the described functionality enhances the value of the mobile e-mail clients.
  • FIG. 2 illustrates an exemplary operating sequence 200 of an embodiment of a secure email communication system 100 described herein.
  • the special-purpose email client 101 receives, via its graphical user interface, a command from a user to turn on the encryption of an email message.
  • the special-purpose email client 101 encrypts the contents of the subject email communication and transmits it to the secure server 103.
  • the special-purpose email client 101 inserts a message: "This email communication is encrypted, to view click on the following URI" as well as the URI of the encrypted contents on the secure server 103.
  • the email message with the inserted message and URI is sent and stored in the conventional email server 102.
  • the recipient user is notified of the received new email message.
  • the recipient user is authenticated with the special purpose email client 104 using, for example, a PIN or a fingerprint.
  • the recipient user accesses the received message using the special purpose email client 104.
  • the special purpose email client 104 automatically traverses the URI, receives the encrypted message contents from the secure server 103 and decrypts it.
  • the decrypted message contents is shown to the recipient user.
  • FIG. 3 is a block diagram that illustrates an embodiment of a computer system 300 upon which various embodiments of the inventive concepts described herein may be implemented.
  • the system 300 includes a computer platform 301, peripheral devices 302 and network resources 303.
  • the computer platform 301 may include a data bus 304 or other communication mechanism for communicating information across and among various parts of the computer platform 301, and a processor 305 coupled with bus 304 for processing information and performing other computational and control tasks.
  • Computer platform 301 also includes a volatile storage 306, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 304 for storing various information as well as instructions to be executed by processor 305, including the software application for proxy detection described above.
  • the volatile storage 306 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 305.
  • Computer platform 301 may further include a read only memory (ROM or EPROM) 307 or other static storage device coupled to bus 304 for storing static information and instructions for processor 305, such as basic input-output system (BIOS), as well as various system configuration parameters.
  • a persistent storage device 308, such as a magnetic disk, optical disk, or solid-state flash memory device is provided and coupled to bus 304 for storing information and instructions.
  • Computer platform 301 may be coupled via bus 304 to a touch-sensitive display 309, such as a cathode ray tube (CRT), plasma display, or a liquid crystal display (LCD), for displaying information to a system administrator or user of the computer platform 301.
  • An input device 310 is coupled to bus 304 for communicating information and command selections to processor 305.
  • Another type of user input device is cursor control device 311, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 305 and for controlling cursor movement on touch-sensitive display 309.
  • This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.
  • the display 309 may incorporate a touchscreen interface configured to detect user's tactile events and send information on the detected events to the processor 305 via the bus 304.
  • An external storage device 312 may be coupled to the computer platform 301 via bus 304 to provide an extra or removable storage capacity for the computer platform 301.
  • the external removable storage device 312 may be used to facilitate exchange of data with other computer systems.
  • the invention is related to the use of computer system 300 for implementing the techniques described herein.
  • the inventive system may reside on a machine such as computer platform 301.
  • the techniques described herein are performed by computer system 300 in response to processor 305 executing one or more sequences of one or more instructions contained in the volatile memory 306.
  • Such instructions may be read into volatile memory 306 from another computer-readable medium, such as persistent storage device 308.
  • Execution of the sequences of instructions contained in the volatile memory 306 causes processor 305 to perform the process steps described herein.
  • hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention.
  • embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Non-volatile media includes, for example, optical or magnetic disks, such as the persistent storage device 308.
  • Volatile media includes dynamic memory, such as volatile storage 306.
  • Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, an EPROM, a FLASH-EPROM, a flash drive, a memory card, any other memory chip or cartridge, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 305 for execution.
  • the instructions may initially be carried on a magnetic disk from a remote computer.
  • a remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal.
  • An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on the data bus 304.
  • the bus 304 carries the data to the volatile storage 306, from which processor 305 retrieves and executes the instructions.
  • the instructions received by the volatile memory 306 may optionally be stored on persistent storage device 308 either before or after execution by processor 305.
  • the instructions may also be downloaded into the computer platform 301 via Internet using a variety of network data communication protocols well known in the art.
  • the computer platform 301 also includes a communication interface, such as network interface card 313 coupled to the data bus 304.
  • Communication interface 313 provides a two-way data communication coupling to a network link 314 that is coupled to a local network 315.
  • communication interface 313 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
  • communication interface 313 may be a local area network interface card (LAN NIC) to provide a data communication connection to a compatible LAN.
  • Wireless links such as well-known 802.11a, 802.11b, 802.11g and Bluetooth may also be used for network implementation.
  • communication interface 313 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 314 typically provides data communication through one or more networks to other network resources.
  • network link 314 may provide a connection through local network 315 to a host computer 316, or a network storage/server 322.
  • the network link 314 may connect through gateway/firewall 317 to the wide-area or global network 318, such as an Internet.
  • the computer platform 301 can access network resources located anywhere on the Internet 318, such as a remote network storage/server 319.
  • the computer platform 301 may also be accessed by clients located anywhere on the local area network 315 and/or the Internet 318.
  • the network clients 320 and 321 may themselves be implemented based on the computer platform similar to the platform 301.
  • Local network 315 and the Internet 318 both use electrical, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on network link 314 and through communication interface 313, which carry the digital data to and from computer platform 301, are exemplary forms of carrier waves transporting the information.
  • Computer platform 301 can send messages and receive data, including program code, through the variety of network(s) including Internet 318 and LAN 315, network link 315 and communication interface 313.
  • when the system 301 acts as a network server, it might transmit a requested code or data for an application program running on client(s) 320 and/or 321 through the Internet 318, gateway/firewall 317, local area network 315 and communication interface 313. Similarly, it may receive code from other network resources.
  • the received code may be executed by processor 305 as it is received, and/or stored in persistent or volatile storage devices 308 and 306, respectively, or other non-volatile storage for later execution.

Abstract

A computer-implemented method for secure electronic communication performed in a computerized system comprising a central processing unit, a display device and a memory, the computer-implemented method comprising: receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents; responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server; inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server; causing the email message comprising the link to be stored on an email server; and causing a recipient user to be notified of the email message.

Description

SYSTEMS AND METHODS FOR IMPLEMENTING SECURE EMAIL COMMUNICATIONS
BACKGROUND OF THE INVENTION
Technical Field
[0001] The disclosed embodiments relate in general to secure electronic communications technology and software therefor and, more specifically, to systems and methods for implementing secure email communications.
Description of the Related Art
[0002] After recent leaks of sensitive and/or classified information to the press, the interest in systems and methods enabling secure electronic communications has increased dramatically. However, implementing email encryption requires making extensive changes to existing email server systems, which is expensive and time-consuming. This impedes a widespread use of secure email messaging.
[0003] Therefore, it would be desirable to have a new and improved system and method for secure email communications, which does not involve significant alteration of the existing email server infrastructure.
SUMMARY OF THE INVENTION
[0004] The embodiments described herein are directed to methods and systems that substantially obviate one or more of the above and other problems associated with conventional systems and methods for email communications.
[0005] In accordance with one aspect of the embodiments described herein, there is provided a computer-implemented method for secure electronic communication performed in a computerized system comprising a central processing unit, a display device and a memory, the computer-implemented method comprising: receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents; responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server; inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server; causing the email message comprising the link to be stored on an email server; and causing a recipient user to be notified of the email message.
[0006] In one or more embodiments, the method further comprises: receiving the email message from the email server; automatically traversing the link to the encrypted message contents; retrieving the encrypted message contents from the secure server; decrypting the encrypted message contents; and displaying the decrypted message contents to the recipient user.
[0007] In one or more embodiments, the receiving, traversing, decrypting and displaying is performed on an email messaging client.
[0008] In one or more embodiments, the method further comprises authenticating the recipient user.
[0009] In one or more embodiments, the recipient user is authenticated using a PIN code.
[0010] In one or more embodiments, the recipient user is authenticated using a fingerprint.
[0011] In one or more embodiments, the receiving, encrypting and inserting are performed on an email messaging client.
[0012] In one or more embodiments, the secure server is separate and distinct from the email server.
[0013] In one or more embodiments, the link is a short uniform resource identifier (URI).
[0014] In one or more embodiments, the inserting further comprises inserting into the email message a textual message to the user.
[0015] In accordance with another aspect of the embodiments described herein, there is provided a non-transitory computer-readable medium embodying a set of computer-executable instructions, which, when executed in a computerized system comprising a central processing unit, a display device and a memory, cause the computerized system to perform a method for secure electronic communication comprising: receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents; responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server; inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server; causing the email message comprising the link to be stored on an email server; and causing a recipient user to be notified of the email message.
[0016] In accordance with yet another aspect of the embodiments described herein, there is provided a computerized system for secure electronic communication comprising a central processing unit, a display device and a memory storing a set of computer-executable instructions for: receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents; responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server; inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server; causing the email message comprising the link to be stored on an email server; and causing a recipient user to be notified of the email message.
[0017] Additional aspects related to the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Aspects of the invention may be realized and attained by means of the elements and combinations of various elements and aspects particularly pointed out in the following detailed description and the appended claims.
[0018] It is to be understood that both the foregoing and the following descriptions are exemplary and explanatory only and are not intended to limit the claimed invention or application thereof in any manner whatsoever.
BRIEF DESCRIPTION OF THE DRAWINGS
[0019] The accompanying drawings, which are incorporated in and constitute a part of this specification, exemplify the embodiments of the present invention and, together with the description, serve to explain and illustrate principles of the inventive technique. Specifically:
[0020] Figure 1 illustrates an exemplary embodiment of a secure email communication system described herein.
[0021] Figure 2 illustrates an exemplary operating sequence of an embodiment of a secure email communication system described herein.
[0022] Figure 3 illustrates an exemplary embodiment of a computer platform whereupon the various embodiments described herein may be implemented.
DETAILED DESCRIPTION
[0023] In the following detailed description, reference will be made to the accompanying drawing(s), in which identical functional elements are designated with like numerals. The aforementioned accompanying drawings show by way of illustration, and not by way of limitation, specific embodiments and implementations consistent with principles of the present invention. These implementations are described in sufficient detail to enable those skilled in the art to practice the invention and it is to be understood that other implementations may be utilized and that structural changes and/or substitutions of various elements may be made without departing from the scope and spirit of present invention. The following detailed description is, therefore, not to be construed in a limited sense. Additionally, the various embodiments of the invention as described may be implemented in the form of a software running on a general purpose computer, in the form of a specialized hardware, or combination of software and hardware.
[0024] In accordance with one aspect of the embodiments described herein, there are provided computerized systems and methods for implementing secure email communications. In one or more embodiments, the inventive secure messaging system enables users to exchange encrypted messages. In one or more embodiments, the inventive system enables the user to encrypt specific, user- selected, email message(s) in user's email mailbox or all conversations in user's email mailbox.
[0025] Figure 1 illustrates an exemplary embodiment of a secure email communication system 100 described herein. In various embodiments, the secure email communication system 100 incorporates a special-purpose sender email client 101 , a conventional email server 102, a secure server 103 and a special-purpose recipient email client 104.
[0026] In one or more embodiments, when the user (sender) has turned on the encryption of the email messages on the special-purpose sender email client 101 , the client 101 is configured to transfer the contents of the email communication(s) subject to encryption to the secure server 103 and, in place of the transferred contents, insert a link (URI) into the body of the subject email message. In one or more embodiments, the message content is storesd on the afoersaid secure server 103 in an encrypted form. To this end, the special-purpose sender email client 101 or the secure server 103 may be configured to execute one or more of now known or later developed encryption algorithms to encrypt the contents of the email message(s). The aforesaid link points to the location of the encrypted email contents on the aforesaid secure server 103. In addition, the email message body may incorporate a textual mesaage for the email recepient, such as "This email communication is encrypted, to view click on the following URI". In one or more embodiments, the aforesaid link may be in a form of a special URI, such as http://my.com/9248629386982.
[0027] After sending, the email message containing the aforesaid URI is stored on the mail server 102, as in a conventional email system. In one or more embodiments, the secure electronic messaging system 100 additionally incorporates the special-purpose secure email client 104. This client is configured to authenticate the recipient user using any now known or later developed authentication means, including, without limitation, a pin code, a password, a fingerprint, a retina scan, a voice fingerprint, etc. If the recipient user accesses the aforesaid secure email message from the special-purpose email client 104, the aforesaid client 104 is configured to detect and automatically traverse the above-described link (URI) to the encrypted message contents, to retrieve the email message contents from the described secure server, to decrypt it and to display the decrypted email message contents to the recipient user. Thus, the user experience with accessing the described encrypted messages using the special-purpose email client 104 is no different than regular email messages that actually include their unencrypted contents. In one or more embodiments, the special-purpose email client 104 may include an indication for the recipient user that the message is encrypted, such as by displaying a lock icon.
[0028] On the other hand, if the recipient user accesses the aforesaid email message from any other email client (not shown in Figure 1), the aforesaid link to the encrypted message contents is not automatically traversed and the user is presented with the aforesaid message "This email communication is encrypted, to view click on the following URI." When the user clicks on the displayed URI, the user is taken to a special mobile website, which may be hosted by the secure server 103, with an authentication form requesting the user to provide authentication credentials. After successful authentication, the message contents is decrypted by the secure server 103 or any other client/server on the network and displayed to the user on the same web page. In one or more embodiments, the aforesaid URI is an abbreviated URI, such as http://my.com/9248629386982, or even a tiny URI well known to persons of ordinary skill in the art.
[0029] In various embodiments, the aforesaid PIN-code may be a common mobile device PIN-code for access to the mobile applications, a user's touch ID, or a special PIN-code that the user may provide to all recipients of the secure email communications.
[0030] As would be appreciated by persons of ordinary skill in the art, the described solution allows one to integrate encryption into any email client without the need to process information on the email server 102. Therefore, no changes to the email server 102 are needed to implement the described functionality, as email clients 101 and 104 handle the encryption aspects of the communication. In addition, the described functionality enhances the value of the mobile e-mail clients.
[0031] Figure 2 illustrates an exemplary operating sequence 200 of an embodiment of a secure email communication system 100 described herein. First, at step 201, the special-purpose email client 101 receives, via its graphical user interface, a command from a user to turn on the encryption of an email message. At step 202, the special-purpose email client 101 encrypts the contents of the subject email communication and transmits it to the secure server 103. In place of the transferred contents, the special-purpose email client 101 inserts a message: "This email communication is encrypted, to view click on the following URI" as well as the URI of the encrypted contents on the secure server 103. At step 203, the email message with the inserted message and URI is sent and stored in the conventional email server 102. Subsequently, at step 204, the recipient user is notified of the received new email message. At step 205, the recipient user is authenticated with the special purpose email client 104 using, for example, a PIN or a fingerprint. At step 206, the recipient user accesses the received message using the special purpose email client 104. At step 207, the special purpose email client 104 automatically traverses the URI, receives the encrypted message contents from the secure server 103 and decrypts it. Finally, at step 208, the decrypted message contents is shown to the recipient user.
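The sequence of steps 201 to 208, including the link detection performed by client 104, can be sketched as follows; this is an added example, not code from the patent. Assumptions: the host name `secure.example`, an HTTPS link with a random token rather than the numeric form shown in the text, a key already shared between clients 101 and 104 (the text does not describe key exchange), an in-memory stand-in for secure server 103, and an HMAC-SHA256 encrypt-then-MAC construction standing in for a vetted AEAD cipher, which the Python standard library lacks.

```python
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlparse

SECURE_HOST = "secure.example"  # assumption: host name of secure server 103
NOTICE = "This email communication is encrypted, to view click on the following URI"
LINK_RE = re.compile(r"https://[^\s<>\"']+")


def _subkeys(key):
    # Separate keys for encryption and authentication.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode. Stand-in only: use a vetted AEAD
    # (for example AES-GCM) in a real client.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt then MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


class SecureServer:
    """In-memory stand-in for secure server 103; it only ever holds ciphertext."""

    def __init__(self):
        self._blobs = {}

    def put(self, blob):
        token = secrets.token_urlsafe(16)  # unguessable locator
        self._blobs[token] = blob
        return f"https://{SECURE_HOST}/{token}"

    def get(self, uri):
        return self._blobs[urlparse(uri).path.lstrip("/")]


def sender_compose(server, key, contents):
    """Step 202: encrypt, upload, and return the body that replaces the contents."""
    uri = server.put(seal(key, contents.encode("utf-8")))
    return f"{NOTICE}\n{uri}"


def find_secure_link(body):
    """Client 104 link detection: exact scheme and host match, nothing else is traversed."""
    for candidate in LINK_RE.findall(body):
        parts = urlparse(candidate)
        if parts.scheme == "https" and parts.hostname == SECURE_HOST and len(parts.path) > 1:
            return candidate
    return None


def recipient_open(server, key, body, authenticated):
    """Steps 205-208: authenticate, traverse the link, decrypt, return text to display."""
    link = find_secure_link(body)
    if link is None:
        return body  # ordinary message, shown as received
    if not authenticated:
        raise PermissionError("recipient must authenticate first")
    return open_sealed(key, server.get(link)).decode("utf-8")
```

The body returned by `sender_compose` is all that email server 102 stores, and a link whose host merely begins with the secure server's name is treated as ordinary text rather than fetched.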
[0032] Figure 3 is a block diagram that illustrates an embodiment of a computer system 300 upon which various embodiments of the inventive concepts described herein may be implemented. The system 300 includes a computer platform 301, peripheral devices 302 and network resources 303.
[0033] The computer platform 301 may include a data bus 304 or other communication mechanism for communicating information across and among various parts of the computer platform 301, and a processor 305 coupled with bus 304 for processing information and performing other computational and control tasks. Computer platform 301 also includes a volatile storage 306, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 304 for storing various information as well as instructions to be executed by processor 305, including the software application for proxy detection described above. The volatile storage 306 also may be used for storing temporary variables or other intermediate information during execution of instructions by processor 305. Computer platform 301 may further include a read only memory (ROM or EPROM) 307 or other static storage device coupled to bus 304 for storing static information and instructions for processor 305, such as basic input-output system (BIOS), as well as various system configuration parameters. A persistent storage device 308, such as a magnetic disk, optical disk, or solid-state flash memory device is provided and coupled to bus 304 for storing information and instructions.
[0034] Computer platform 301 may be coupled via bus 304 to a touch-sensitive display 309, such as a cathode ray tube (CRT), plasma display, or a liquid crystal display (LCD), for displaying information to a system administrator or user of the computer platform 301. An input device 310, including alphanumeric and other keys, is coupled to bus 304 for communicating information and command selections to processor 305. Another type of user input device is cursor control device 311, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 305 and for controlling cursor movement on touch-sensitive display 309. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane. To detect user's gestures, the display 309 may incorporate a touchscreen interface configured to detect user's tactile events and send information on the detected events to the processor 305 via the bus 304.
[0035] An external storage device 312 may be coupled to the computer platform 301 via bus 304 to provide an extra or removable storage capacity for the computer platform 301. In an embodiment of the computer system 300, the external removable storage device 312 may be used to facilitate exchange of data with other computer systems.
[0036] The invention is related to the use of computer system 300 for implementing the techniques described herein. In an embodiment, the inventive system may reside on a machine such as computer platform 301. According to one embodiment of the invention, the techniques described herein are performed by computer system 300 in response to processor 305 executing one or more sequences of one or more instructions contained in the volatile memory 306. Such instructions may be read into volatile memory 306 from another computer-readable medium, such as persistent storage device 308. Execution of the sequences of instructions contained in the volatile memory 306 causes processor 305 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
[0037] The term "computer-readable medium" as used herein refers to any medium that participates in providing instructions to processor 305 for execution. The computer-readable medium is just one example of a machine-readable medium, which may carry instructions for implementing any of the methods and/or techniques described herein. Such a medium may take many forms, including but not limited to, non-volatile media and volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as the persistent storage device 308. Volatile media includes dynamic memory, such as volatile storage 306.
[0038] Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, an EPROM, a FLASH-EPROM, a flash drive, a memory card, any other memory chip or cartridge, or any other medium from which a computer can read.
[0039] Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 305 for execution. For example, the instructions may initially be carried on a magnetic disk from a remote computer. Alternatively, a remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on the data bus 304. The bus 304 carries the data to the volatile storage 306, from which processor 305 retrieves and executes the instructions. The instructions received by the volatile memory 306 may optionally be stored on persistent storage device 308 either before or after execution by processor 305. The instructions may also be downloaded into the computer platform 301 via Internet using a variety of network data communication protocols well known in the art.
[0040] The computer platform 301 also includes a communication interface, such as network interface card 313 coupled to the data bus 304. Communication interface 313 provides a two-way data communication coupling to a network link 314 that is coupled to a local network 315. For example, communication interface 313 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 313 may be a local area network interface card (LAN NIC) to provide a data communication connection to a compatible LAN. Wireless links, such as well-known 802.11a, 802.11b, 802.11g and Bluetooth may also be used for network implementation. In any such implementation, communication interface 313 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[0041] Network link 314 typically provides data communication through one or more networks to other network resources. For example, network link 314 may provide a connection through local network 315 to a host computer 316, or a network storage/server 322. Additionally or alternatively, the network link 314 may connect through gateway/firewall 317 to the wide-area or global network 318, such as an Internet. Thus, the computer platform 301 can access network resources located anywhere on the Internet 318, such as a remote network storage/server 319. On the other hand, the computer platform 301 may also be accessed by clients located anywhere on the local area network 315 and/or the Internet 318. The network clients 320 and 321 may themselves be implemented based on the computer platform similar to the platform 301.
[0042] Local network 315 and the Internet 318 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 314 and through communication interface 313, which carry the digital data to and from computer platform 301, are exemplary forms of carrier waves transporting the information.
[0043] Computer platform 301 can send messages and receive data, including program code, through the variety of network(s) including Internet 318 and LAN 315, network link 315 and communication interface 313. In the Internet example, when the system 301 acts as a network server, it might transmit a requested code or data for an application program running on client(s) 320 and/or 321 through the Internet 318, gateway/firewall 317, local area network 315 and communication interface 313. Similarly, it may receive code from other network resources.
[0044] The received code may be executed by processor 305 as it is received, and/or stored in persistent or volatile storage devices 308 and 306, respectively, or other non-volatile storage for later execution.
[0045] Finally, it should be understood that processes and techniques described herein are not inherently related to any particular apparatus and may be implemented by any suitable combination of components. Further, various types of general purpose devices may be used in accordance with the teachings described herein. It may also prove advantageous to construct specialized apparatus to perform the method steps described herein. The present invention has been described in relation to particular examples, which are intended in all respects to be illustrative rather than restrictive. Those skilled in the art will appreciate that many different combinations of hardware, software, and firmware will be suitable for practicing the present invention. For example, the described software may be implemented in a wide variety of programming or scripting languages, such as Assembler, C/C++, Objective-C, perl, shell, PHP, Java, as well as any now known or later developed programming or scripting language.
[0046] Moreover, other implementations of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. Various aspects and/or components of the described embodiments may be used singly or in any combination in the computerized systems and computer-implemented methods for secure electronic communication. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

Claims

WHAT IS CLAIMED IS:
1. A computer-implemented method for secure electronic communication performed in a computerized system comprising a central processing unit, a display device and a memory, the computer-implemented method comprising:
a. receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents;
b. responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server;
c. inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server;
d. causing the email message comprising the link to be stored on an email server; and
e. causing a recipient user to be notified of the email message.
2. The computer-implemented method of claim 1, further comprising: receiving the email message from the email server; automatically traversing the link to the encrypted message contents; retrieving the encrypted message contents from the secure server; decrypting the encrypted message contents; and displaying the decrypted message contents to the recipient user.
3. The computer-implemented method of claim 2, wherein receiving, traversing, decrypting and displaying is performed on an email messaging client.
4. The computer-implemented method of claim 2, further comprising authenticating the recipient user.
5. The computer-implemented method of claim 4, wherein the recipient user is authenticated using a PIN code.
6. The computer-implemented method of claim 4, wherein the recipient user is authenticated using a fingerprint.
7. The computer-implemented method of claim 1, wherein steps a. through c. are performed on an email messaging client.
8. The computer-implemented method of claim 1, wherein the secure server is separate and distinct from the email server.
9. The computer-implemented method of claim 1, wherein the link is a short uniform resource identifier (URI).
10. The computer-implemented method of claim 1, wherein step c. further comprises inserting into the email message a textual message to the user.
11. A non-transitory computer-readable medium embodying a set of computer-executable instructions, which, when executed in a computerized system comprising a central processing unit, a display device and a memory, cause the computerized system to perform a method for secure electronic communication comprising:
a. receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents;
b. responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server;
c. inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server;
d. causing the email message comprising the link to be stored on an email server; and
e. causing a recipient user to be notified of the email message.
12. The non-transitory computer-readable medium of claim 11, wherein the method further comprises: receiving the email message from the email server; automatically traversing the link to the encrypted message contents; retrieving the encrypted message contents from the secure server; decrypting the encrypted message contents; and displaying the decrypted message contents to the recipient user.
13. The non-transitory computer-readable medium of claim 12, wherein receiving, traversing, decrypting and displaying is performed on an email messaging client.
14. The non-transitory computer-readable medium of claim 12, wherein the method further comprises authenticating the recipient user.
15. The non-transitory computer-readable medium of claim 14, wherein the recipient user is authenticated using a PIN code.
16. The non-transitory computer-readable medium of claim 14, wherein the recipient user is authenticated using a fingerprint.
17. The non-transitory computer-readable medium of claim 11, wherein steps a. through c. are performed on an email messaging client.
18. The non-transitory computer-readable medium of claim 11, wherein the secure server is separate and distinct from the email server.
19. The non-transitory computer-readable medium of claim 11, wherein the link is a short uniform resource identifier (URI).
20. A computerized system for secure electronic communication comprising a central processing unit, a display device and a memory storing a set of computer-executable instructions for:
a. receiving, using a user interface displayed on the display device, an instruction from a sender user to encrypt an email message, the email message comprising a message contents;
responsive to the received instruction, encrypting the message contents and transmitting the encrypted message contents to a secure server;
inserting into the email message, in place of the message contents, a link to the encrypted message contents on the secure server;
causing the email message comprising the link to be stored on an email server; and
causing a recipient user to be notified of the email message.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/RU2015/000938 WO2017116260A1 (en) 2015-12-28 2015-12-28 Systems and methods for implementing secure email communications

Publications (1)

Publication Number Publication Date
WO2017116260A1 true WO2017116260A1 (en) 2017-07-06

Family

ID=59225811

Country Status (1)

Country Link
WO (1) WO2017116260A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10805311B2 (en) * 2016-08-22 2020-10-13 Paubox Inc. Method for securely communicating email content between a sender and a recipient
US11411726B2 (en) 2018-05-24 2022-08-09 British Telecommunications Public Limited Company Cryptographic key generation using multiple random sources
US11451387B2 (en) 2018-05-24 2022-09-20 British Telecommunications Public Limited Company Cryptographic key generation and storage
US11640480B2 (en) 2018-04-25 2023-05-02 British Telecommunications Public Limited Company Data message sharing

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222734A1 (en) * 2000-11-13 2008-09-11 Redlich Ron M Security System with Extraction, Reconstruction and Secure Recovery and Storage of Data
US20130035055A1 (en) * 2003-06-25 2013-02-07 Steve Kirchmeier Notification System Management
US20130061337A1 (en) * 2007-12-07 2013-03-07 Z-Firm, LLC Securing shipment information accessed based on data encoded in machine-readable data blocks
US20150200780A1 (en) * 2014-01-14 2015-07-16 Daniele Vantaggiato Identification and/or authentication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15912140

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15912140

Country of ref document: EP

Kind code of ref document: A1