CA2339228A1 - Systems and methods for securing electronic message - Google Patents
Systems and methods for securing electronic message Download PDFInfo
- Publication number
- CA2339228A1 CA2339228A1 CA002339228A CA2339228A CA2339228A1 CA 2339228 A1 CA2339228 A1 CA 2339228A1 CA 002339228 A CA002339228 A CA 002339228A CA 2339228 A CA2339228 A CA 2339228A CA 2339228 A1 CA2339228 A1 CA 2339228A1
- Authority
- CA
- Canada
- Prior art keywords
- electronic message
- policies
- computer
- recipient
- sender
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
System and methods are provided for permitting a sender to control access to an electronic message. The sender selects one or more policies (202) which are packaged (220) with the electronic message (204) to form an object (222). The policies are implemented as computer-executable instructions capable of execution on a remote computer. The recipient can only access the electronic message as dictated by the policies which are in the object. Unauthorized use of the electronic message is substantially prevented and the electronic message remains in the control of the sender.
Description
SYSTEMS AND METHODS FOR SECURING ELECTRONIC MESSAGE
BACKGROUND OF THE INVENTION
Related Applications This application claims the benefit of U.S. Application No. 09/129,467, filed August 4, 1998, which is incorporated herein by reference.
The Field of the Invention The present invention relates to electronic messaging. More particularly, the present invention relates to rendering electronic messages in a controlled manner.
The Prior State of the Art Electronic mail, or email, is a type of electronic message that involves the transmission of messages over a communications network, which can be the Internet, a local area network (LAN), a wide area network (WAN) or other network. In today's world, anyone with a computer can have access to email and email systems.
Businesses have begun to rely on email as a method for interoffice communications and companies that are fully networked make extensive use of email because it is fast, flexible, and reliable.
Because the use of email has exploded in recent years, the capabilities and features of email systems and programs have also improved. For example, practically all email programs allow the user to attach files to a text message. The attachment may be a photo, a video clip, a sound byte, or other data. A user has the ability to send almost anything via email. A single email can be simultaneously sent to more than one person without having to retype the text of the message. An email can be stored on the recipient's computer as a text file, or be forwarded to a different user, or printed.
Email systems also have the ability to enhance the appearance of the text in the email. Users can select the color and font of the text in the email to enhance the visual 3 5 appearance of the email. Other email applications notify a user when an email is received and opened by the recipient. Other additions to email systems include address books and scheduling applications. Address books allow a user to store email addresses and personal information about the recipient. In sum, Email applications are not only becoming sophisticated, but are also becoming indispensable.
Currently, there are two predominant types of email applications or systems:
client based email and browser based email. Client based email involves a client side application stored on each client machine. The application typically provides, at a minimum, the tools necessary for a user to compose and send an email. A server receives the composed emails and forwards them to the recipients. Browser based email systems also provide the tools necessary for a user to compose an email, but each user or client machine does not have a separate application because the email application is accessible with an Internet browses.
Many proprietary email systems provide additional tools which are not available to users outside of the local network. For instance, an email may be retractable by the sender within the proprietary system if the email has not yet reached the recipient.
However, the additional tools are only available to clients served by that particular server, or to families of that particular proprietary system. Browser based email and client based email systems do not have the ability to retract an email that has left the local mail server.
Once an email has entered the Internet, it will be received and read by the recipient. In some instances, the email may be read by unintended recipients. It would be advantageous to provide tools that function within any system.
Instant messaging is another example where an electronic message is sent to a recipient. Typically, a portal provides this service to users who are connected to the portal by having a user select or create a list of persons with whom instant messaging is desired. When a person on the list logs on to the portal, the creator of the list is notified.
The creator can then send a message which is instantly received by the recipient. In many aspects, instant messaging is similar to a chat room where all users can view the messages of other users. Instant messaging, however, is typically limited to a known group of users which are all on a certain list.
Electronic messages can be sent in other methods. Currently, facsimile, printing and other services are available on the Internet. The common factor related to facsimiles, email, instant messaging and other services is data or information. The fundamental issue is that information has value and there is a need to protect that data as the use of electronic messages becomes more prominent in personal and business applications.
In many instances, the sender simply desires to maintain control over the information in the electronic message. Sending an electronic message can deprive the sender of that control. For example, many firms or businesses exist which search various publications and databases for a fee. These firms produce a report related to the search request of their clients. In many instances, the contents of the report can be sensitive.
For example, the report may contain an analysis of whether a hostile corporate takeover is feasible. The report of these firms is valuable not only to the client, but also to the firnl. With today's technology, the report may be sent to the client electronically. If the information in the report, however, is discovered by an unauthorized party, then damage has been done to both parties. In fact, many firms will not transmit sensitive data electronically for fear of the information being obtained by an unauthorized person.
Additionally, the information in an electronic message can be discovered either intentionally or inadvertently. For example, it is possible for a user to accidentally hit the forward button instead of the reply button in an email application. The result of this mistake is that the information may be addressed or delivered to the wrong person. In other instances, traffic on the Internet is monitored and intercepted to determine the content of the traffic. If sensitive information is sent, it is possible that the information will be intercepted and misused. The same perils exist with paper documents, but it is more complicated to copy a report and mail it to an unauthorized person than it is to simply click the forward button of an email application.
While electronic messages provide desirable advantages, there are corresponding disadvantages. Because information can be sent electronically and because the information is potentially discoverable by unauthorized individuals either inadvertently or intentionally, there is a need to protect the information, or minimize the risk that the data will be accessed without authorization. It would be an advance in the art to provide risk management to electronic messages.
SO
BACKGROUND OF THE INVENTION
Related Applications This application claims the benefit of U.S. Application No. 09/129,467, filed August 4, 1998, which is incorporated herein by reference.
The Field of the Invention The present invention relates to electronic messaging. More particularly, the present invention relates to rendering electronic messages in a controlled manner.
The Prior State of the Art Electronic mail, or email, is a type of electronic message that involves the transmission of messages over a communications network, which can be the Internet, a local area network (LAN), a wide area network (WAN) or other network. In today's world, anyone with a computer can have access to email and email systems.
Businesses have begun to rely on email as a method for interoffice communications and companies that are fully networked make extensive use of email because it is fast, flexible, and reliable.
Because the use of email has exploded in recent years, the capabilities and features of email systems and programs have also improved. For example, practically all email programs allow the user to attach files to a text message. The attachment may be a photo, a video clip, a sound byte, or other data. A user has the ability to send almost anything via email. A single email can be simultaneously sent to more than one person without having to retype the text of the message. An email can be stored on the recipient's computer as a text file, or be forwarded to a different user, or printed.
Email systems also have the ability to enhance the appearance of the text in the email. Users can select the color and font of the text in the email to enhance the visual 3 5 appearance of the email. Other email applications notify a user when an email is received and opened by the recipient. Other additions to email systems include address books and scheduling applications. Address books allow a user to store email addresses and personal information about the recipient. In sum, Email applications are not only becoming sophisticated, but are also becoming indispensable.
Currently, there are two predominant types of email applications or systems:
client based email and browser based email. Client based email involves a client side application stored on each client machine. The application typically provides, at a minimum, the tools necessary for a user to compose and send an email. A server receives the composed emails and forwards them to the recipients. Browser based email systems also provide the tools necessary for a user to compose an email, but each user or client machine does not have a separate application because the email application is accessible with an Internet browses.
Many proprietary email systems provide additional tools which are not available to users outside of the local network. For instance, an email may be retractable by the sender within the proprietary system if the email has not yet reached the recipient.
However, the additional tools are only available to clients served by that particular server, or to families of that particular proprietary system. Browser based email and client based email systems do not have the ability to retract an email that has left the local mail server.
Once an email has entered the Internet, it will be received and read by the recipient. In some instances, the email may be read by unintended recipients. It would be advantageous to provide tools that function within any system.
Instant messaging is another example where an electronic message is sent to a recipient. Typically, a portal provides this service to users who are connected to the portal by having a user select or create a list of persons with whom instant messaging is desired. When a person on the list logs on to the portal, the creator of the list is notified.
The creator can then send a message which is instantly received by the recipient. In many aspects, instant messaging is similar to a chat room where all users can view the messages of other users. Instant messaging, however, is typically limited to a known group of users which are all on a certain list.
Electronic messages can be sent in other methods. Currently, facsimile, printing and other services are available on the Internet. The common factor related to facsimiles, email, instant messaging and other services is data or information. The fundamental issue is that information has value and there is a need to protect that data as the use of electronic messages becomes more prominent in personal and business applications.
In many instances, the sender simply desires to maintain control over the information in the electronic message. Sending an electronic message can deprive the sender of that control. For example, many firms or businesses exist which search various publications and databases for a fee. These firms produce a report related to the search request of their clients. In many instances, the contents of the report can be sensitive.
For example, the report may contain an analysis of whether a hostile corporate takeover is feasible. The report of these firms is valuable not only to the client, but also to the firnl. With today's technology, the report may be sent to the client electronically. If the information in the report, however, is discovered by an unauthorized party, then damage has been done to both parties. In fact, many firms will not transmit sensitive data electronically for fear of the information being obtained by an unauthorized person.
Additionally, the information in an electronic message can be discovered either intentionally or inadvertently. For example, it is possible for a user to accidentally hit the forward button instead of the reply button in an email application. The result of this mistake is that the information may be addressed or delivered to the wrong person. In other instances, traffic on the Internet is monitored and intercepted to determine the content of the traffic. If sensitive information is sent, it is possible that the information will be intercepted and misused. The same perils exist with paper documents, but it is more complicated to copy a report and mail it to an unauthorized person than it is to simply click the forward button of an email application.
While electronic messages provide desirable advantages, there are corresponding disadvantages. Because information can be sent electronically and because the information is potentially discoverable by unauthorized individuals either inadvertently or intentionally, there is a need to protect the information, or minimize the risk that the data will be accessed without authorization. It would be an advance in the art to provide risk management to electronic messages.
SO
OBJETS AND SUMMARY OF THE INVENTION
It is therefore an object of one embodiment of the present invention to secure the contents of an electronic message.
It is another object of one embodiment of the present invention to provide risk management to electronic messages.
It is a further object of one embodiment of the present invention to prevent unauthorized use of electronic messages.
It is an additional object of one embodiment of the present invention to select policies for an electronic message.
It is yet another object of one embodiment of the present invention to integrate policies controlling access to an electronic message with the electronic message.
It is a further object of one embodiment of the present invention to create an electronic message with self enforcing policies.
It is another object of one embodiment of the present invention to restrict access to electronic messages.
Risk management for electronic messages requires, in one embodiment, that access to electronic messages be monitored or restricted. This is difficult because once the electronic message has been sent to a recipient, it is no longer in the control of the sender. The present invention provides systems and methods for controlling the recipient's access to the electronic message.
In order for a sender to control access to an electronic message, the sender chooses policies which are to be enforced with respect to the electronic message. The policies are typically related to the use and access of the electronic message, but may serve other functions. For instance, a user may choose a policy which prevents a recipient from printing the electronic message or the user may choose a policy which prevents the electronic message from being forwarded to another user. Other functions include automatically forwarding the message to another user upon being opened by a recipient. In sum, policies can serve a wide variety of purposes for the sender.
After the policies have been selected by the sender, they are associated with the electronic message. The policies and the electronic message are then packaged together to form an object. The policies are represented, in one embodiment, by computer-executable instructions and are capable of executing on a remote machine.
An example of such computer executable instructions is JAVA. This embodiment permits the object to enforce the policies selected by the sender on the recipient.
The present invention can be configured in a wide variety of ways. For instance, one embodiment uses a remote source to store the policies which the sender may associate with an electronic message. In this embodiment, the packaged object includes a Uniform Resource Identifier (URI) referring to a remote policy which must be accessed before access to the electronic message is granted to the recipient. The policies which may be stored at a remote location with respect to both the sender and the recipient, are enforced by the object.
It is therefore an object of one embodiment of the present invention to secure the contents of an electronic message.
It is another object of one embodiment of the present invention to provide risk management to electronic messages.
It is a further object of one embodiment of the present invention to prevent unauthorized use of electronic messages.
It is an additional object of one embodiment of the present invention to select policies for an electronic message.
It is yet another object of one embodiment of the present invention to integrate policies controlling access to an electronic message with the electronic message.
It is a further object of one embodiment of the present invention to create an electronic message with self enforcing policies.
It is another object of one embodiment of the present invention to restrict access to electronic messages.
Risk management for electronic messages requires, in one embodiment, that access to electronic messages be monitored or restricted. This is difficult because once the electronic message has been sent to a recipient, it is no longer in the control of the sender. The present invention provides systems and methods for controlling the recipient's access to the electronic message.
In order for a sender to control access to an electronic message, the sender chooses policies which are to be enforced with respect to the electronic message. The policies are typically related to the use and access of the electronic message, but may serve other functions. For instance, a user may choose a policy which prevents a recipient from printing the electronic message or the user may choose a policy which prevents the electronic message from being forwarded to another user. Other functions include automatically forwarding the message to another user upon being opened by a recipient. In sum, policies can serve a wide variety of purposes for the sender.
After the policies have been selected by the sender, they are associated with the electronic message. The policies and the electronic message are then packaged together to form an object. The policies are represented, in one embodiment, by computer-executable instructions and are capable of executing on a remote machine.
An example of such computer executable instructions is JAVA. This embodiment permits the object to enforce the policies selected by the sender on the recipient.
The present invention can be configured in a wide variety of ways. For instance, one embodiment uses a remote source to store the policies which the sender may associate with an electronic message. In this embodiment, the packaged object includes a Uniform Resource Identifier (URI) referring to a remote policy which must be accessed before access to the electronic message is granted to the recipient. The policies which may be stored at a remote location with respect to both the sender and the recipient, are enforced by the object.
In another embodiment, the policies may be coded instructions which represent policies which are stored on a remote location. The remote location may be referenced by a URI, or the remote location can be the recipient's computer or other rendering device. In other words, the recipient may have computer-executable S instructions which can interpret the coded policies.
The present invention may be implemented in both client based systems as well as browser based systems. In environments that do not support the rendering of Hyper Text Markup Language (HTML) within the body of a received email, the object may arrive as an attachment. In one embodiment, the recipient is required to have a Java virtual machine before the policies integrated with the electronic message may be enforced.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other objects and features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.
WO 00/08794 PC'f/US99/17786 BRIEF DESCRIPTION OF THE DRAWINGS
In order that the manner in which the above-recited and other advantages and objects of the invention are obtained, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Figure 1 is an exemplary system for implementing the present invention;
Figure 2 is a block diagram of an object comprising data packaged with one or mare policies;
Figure 3 is a block diagram illustrating an exemplary method for creating a self executing object; and , Figure 4 is a block diagram of a network implementing the systems and methods of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Electronic messages are used to convey information from one entity to another entity. As used herein, electronic message comprises email, instant messaging, facsimile, video files, audio files, graphics, text, documents, spreadsheets, databases and other data and information. A significant problem with electronic messages is that control of the electronic message passes from the sender to the recipient. In many instances, the sender desires to maintain control of the electronic message.
This is true of confidential or sensitive information as well as of data that is copyrighted or otherwise protected by law.
Electronic messages provide a sender with the ability to quickly transmit information to a recipient, but as previously discussed, certain risks are involved. The protection a sender desires to impart to an electronic message can vary.
Security, in any event, is never absolute. The present invention provides systems and methods for securing electronic messages from unauthorized use.
A sender, in a preferred embodiment of the present invention, creates or prepares an electronic message using either a client based or a browser based application. Policies are made available to the sender and the sender selects one or more of those policies to be associated with the electronic message. A
packager is provided which packages the electronic message with the selected policies into an object. The policies associated with the message are capable of executing or of being executed at the recipient's computer or other rendering device and permit the sender of the electronic message to maintain control over the electronic message in the object. In effect, the use of the electronic message is dictated by the sender of the electronic message. In this manner, the risk of unauthorized use is reduced and the content of the electronic message is secured or protected.
The present invention is described in terms of diagrams and flow charts. Using the diagrams and flow charts in this manner to present the invention should not be construed as limiting its scope. The embodiments of the present invention may comprise a special purpose or general purpose computer comprising various computer hardware.
Embodiments within the scope of the present invention also include computer-readable media having computer-executable instructions or data structures stored thereon.
Such computer-readable media can be any available media which can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired executable instructions or data structures and which can be accessed by a general purpose or special purpose computer.
When information is transferred or provided over a network or other communication connection to a computer, the computer properly views the connection as a computer-readable medium. Thus, such a connection is also properly termed a computer-readable medium.
Combinations of the above should also be included within the scope of computer-readable media. Computer-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions.
The computer-executable instructions and associated data structures represent an example of program code means for executing the steps of the invention disclosed herein.
Figure 1 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the invention may be implemented. Although not required, the invention will be described in the general context of computer-executable instructions, such as program modules, being executed S by a personal computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations, including hand-held devices, mufti-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like.
The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
With reference to Figure 1, an exemplary system for implementing the invention includes a general purpose computing device in the form of a conventional computer 20, including a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory to the processing unit.
The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system (BIOS) 26, containing the basic routines that help to transfer information between elements within the computer 20, such as during start-up, may be stored in ROM 24. The computer 20 may also include a magnetic hard disk drive 27 for reading from and writing to a magnetic hard disk, not shown, a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to removable optical disk 31 such as a CD-ROM or other optical media. The magnetic hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive-interface 33, and an optical drive interface 34, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computer 20. Although the exemplary environment described herein employs a magnetic hard disk 27, a removable magnetic disk 29 and a removable optical disk 31, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges.
random access memories (RAMS), read only memories (ROM), and the like, may also be used in the exemplary operating environment.
A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35, one or more application programs 36, other program modules 37, and program data 38. A user may enter commands and information into the computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joy stick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to system bus 23, but may be connected by other interfaces, such as a parallel port, game port or a universal serial bus (USB). A monitor 47 or other type of display device is also connected to system bus 23 via an interface, such as video adapter 48. In addition to the monitor, personal computers typically include other peripheral output devices (not shown), such as speakers and printers.
WO 00/08794 PCT/US99/1778b The computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49.
Remote computer 49 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 20, although only a memory storage device SO
has been illustrated in Figure 1. The logical connections depicted in Figure 1 include a local area network (LAN) 51 and a wide area network (WAN) 52 that are presented here by way of example and not limitation. Such networking environments are commonplace in offices enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, the computer 20 is connected to the local network 51 through a network interface or adapter 53. When used in a WAN networking environment, the computer 20 typically includes a modem 54 or other means for establishing communications over the wide area network 52, such as the Internet. Additionally, computer networks may comprise wireless networks.
The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the computer 20, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
Figure 2 is a block diagram conceptually illustrating data to which access is restricted by policies. Electronic message 204 can be an email, an instant message, a video clip, an audio file, a document, a file, a Universal Resource Identifier (URI) or any other type of data which is to be protected. Polices 202 are intended to define how electronic message 204 can be used or accessed. Policies 202 and electronic message 204 are coupled or packaged together to form object 200.
Policies 202 are an important aspect of object 200 because policies 202 define, in one embodiment: the method of revealing or rendering electronic message 204;
how electronic message 204 is to be accessed; and the ways in which a user may interact with or use electronic message 204. Exemplary polices, which may be selected by a sender of electronic message 204, include but are not limited to:
indicating whether the recipient is permitted to forward electronic message 204 to another user; indicating whether a recipient is permitted to copy, paste or cut the content of electronic message 204; indicating whether a recipient is permitted to save electronic message 204 separate from policies 202; indicating whether a sender is able to retract electronic message 204 that has been sent or forwarded to the recipient or another user; and indicating whether a user can print electronic message 204.
Other policies 202 may specify and/or include:
a date before which an electronic message may not be used, or a date after which an electronic message may no longer be used, or a time window in which the electronic message may be accessed;
the number of times an electronic message may be opened or accessed;
an audit trail, in which data pertaining to the usage history of an electronic message is captured and stored in a file or sent to another party, which may be the sender of the electronic message;
acceptance conditions or the presentation of acceptance conditions, which the recipient must accept before the electronic message is accessed or opened, and the recording of the recipient's acceptance or rejection of the acceptance conditions as well as notification to a party, such as the sender, that the acceptance conditions have been accepted or rejected;
the number of times an electronic message may be accessed, opened or read, which may be once;
that a record of the use of the electronic message by the recipient may be created and sent or forwarded to another party which may be the sender;
that only a specific number or a larger number of electronic messages may be accessed or opened;
that only the first N number of copies of an electronic message may be opened oraccessed;
that the receiver must choose a password or a pass phrase, which will be required for subsequent attempts to open the electronic message;
that only one copy of the electronic message is ever accessible or readable. and that the determination of which copy of the electronic message may be opened may depend on which copy is opened first, last, or by other conditions;
that messages require another condition to occur and that the conditions may be provided by an external source;
authorization via public key systems, symmetric key systems, passphrases, biometric characteristics, company badges, smart cards, JavaRings, or other forms of personal or group authorization;
that electronic messages are only accessible or readable in a specified order by particular recipients as in a routing slip;
that an electronic message cannot be captured by a printscreen function or other memory capturing method; and that messages are only readable or accessible under specific environmental conditions, such as the time of day, the location of the attempt to access the electronic message, when another person is logged in and viewing the audit logs, etc.
Other polices can be implemented and all polices can be combined in complex relations.
Clearly, many policies can be implemented and enforced with respect to an electronic message.
In another embodiment, policies 202 may comprise a URI reference. The URI
reference, which may be remotely located with respect to both the sender and recipient of the electronic message may contain the actual polices that the sender desires to enforce. In this instance, the policy packaged in the object would be the requirement to look to a remote source or location for additional policies which may affect the recipient's access to the electronic message.
IO
Figure 3 is illustrative of the method by which object 200 is formed.
Electronic message 204 is gathered or created by a user. For instance, a user may create an email which is to be sent to a recipient. The email, in this case, would be electronic message 204. After electronic message 204 has been created, associator 222 associates policies 202, which have been selected by the sender, with electronic message 204. At associator 222, policies 222 which are linked or associated with electronic message 204 and are not yet enforceable.
After electronic message 204 and policies 202 are associated, packager 220 packages them to create object 200. In one embodiment, this is done by creating a JAVA applet which is capable of executing on any recipient having a Java virtual machine. In other words, policies 202, in one embodiment, are computer-executable instructions that are capable of executing on a remote computer. In another embodiment, the policies packaged with an electronic message are coded instructions 1 S which invoke computer-executable instructions which reside in a separate or remote environment or location. For example, the local network of the recipient may have the computer-executable instructions necessary to execute the coded instructions stored on a server which is accessible by the recipient, or the computer of the recipient may contain the necessary computer-executable instructions, or the computer-executable instructions referenced by the coded instructions may reside on a remote location or environment. In other words, the policies packaged in an object can be executed and enforced in a variety of methods.
Once object 200 is formed, policies 202 are active and will control the recipient's access and use of electronic message 204. In this manner, object 200 is self enforcing. In systems having a form of electronic messaging, such as email, the sender is no longer in physical control of the electronic message after it has been sent.
Creating an object, which comprises data and computer-executable instructions, permits the sender of the data to ensure that the data is used appropriately by the recipient.
In addition to packaging data 202 with policies 204, packager 220, or associator 222 has the capability to encrypt electronic message 204. The encryption of data 202, in one embodiment, is to ensure that only the intended recipient has the capability of decrypting data 202. For example, if electronic message 204 is encrypted with a key that only a particular recipient possesses, forwarding data 202 to another user, while possible, is essentially useless because the data remains encrypted.
The encryption is typically performed using methods well known in the art. In another embodiment, the encryption is to ensure that only when the conditions specified in the policies are satisfied can the message be decrypted and viewed.
Figure 4 is a block diagram of an exemplary system in which electronic messages may be sent. Network 230 is illustrated having a plurality of senders 232, packager 220, server 234 and path 236. Senders 232 are intended to be representative of the source of an electronic message or other data. In a preferred embodiment, sender 232 is a computer as described in Figure 1 which has the capability of creating and sending or transmitting an electronic message. Server 234 may also be embodied as a computer having the capability of sending or forwarding electronic messages created by sender 232. Server 234, in a preferred embodiment is a mail server or a web server. Packager 220, as described previously, creates object 200.
Packager 220 may also be embodied as a computer and is located, in a preferred embodiment, in the network such that all electronic messages are examined WO 00/08794 PCfNS99/17786 or monitored by packager 220. Those electronic messages that have been associated with policies are manipulated by packager 220 to form object 200. Electronic messages that are not associated with policies are typically ignored by packager 220.
S Server 234, upon receiving an electronic message, forwards or sends the electronic message to recipient 242. Typically, sender 232 and recipient 242 are connected via a network. In figure 4, Internet 238 is the connecting network.
The electronic message, or object arrives at server 240 at which point recipient 242 is notified that an electronic message has arrived. Figure 4 illustrates that electronic messages or objects are sent and received in well known methods with the difference that packager 220 creates an object which is self enforcing. In other words, the policies of the sent object define what recipient 242 can do with the electronic message in the object, rather than the particular application of the user.
Recipient 242, upon receiving the object, will only be able to access the data in the object as determined by the policies. In some embodiments, the policies are part of the object. In other embodiments, the policies may refer to a remote location which is independent of sender 232. For instance, source 244, which may be referenced by a URI, may contain the policies which are to be enforced against recipient 242. The object received by recipient 242, in this example, would cause source 244 to be accessed to determine the policies to be enforced against recipient 242.
Path 236 is representative of the path of the electronic message from sender 232 to packager 220. While the electronic message is in path 236, an object has not been formed and the electronic message is potentially discoverable by unauthorized persons. To protect against this possibility, a cryptographically secure connection may be employed for the transport of the electronic message.
In another embodiment, path 236 first leads to an associator, shown in Figure 3, which is located between sender 232 and packager 220. The associator typically performs a function separate from the function of the packager, but the associator is capable of performing its function at sender 232, at packager 220. or at some point in path 236. In another embodiment, the associator is integrated with sender 232 and in yet another embodiment, the associator is integrated with packager 220, and in another embodiment, the associator is separate from both sender 232 and packager 220 as illustrated in Figure 3. If the associator is executed on the same machine or computer as the environment in which an electronic message is created, path 236 is obviated.
Policy Selection Policies are typically selected by the sender of an electronic message, although it is possible for an entity such as a corporation to automatically associate policies with each outgoing electronic message. There are at least two different environments from which a user may select policies. The first environment is a client based environment and the second environment is a browser-based environment.
In a client based environment, each client typically has a separate application which provides the user with the ability to create and transmit electronic messages.
The messages are received by a mail server which transmits them to the recipient. In order for a user to select a policy, a module is integrated with the application which permits the user to select and associate policies with an electronic message.
In one embodiment, this is done by installing the module into each separate application for each sender. When a user or sender is creating an electronic message, the module permits the sender to select policies which will be associated with the electronic message or data to be sent. Later, the packager creates an object which comprises the code necessary to enforce the selected polices on the electronic message or data.
In a browser based environment, the application is typically located on a server computer and each user accesses the application using a browser. In one embodiment, the policies are made available to the user by altering options exposed to the user via the web pages which make up the user interface. A user can select the desired policies by simply pointing and clicking. The selected policies are then associated with the electronic message or data and the packager creates an object which has the capability of enforcing those policies.
In both environments, the user selects which polices are to be enforced on the electronic message. The module of the client based environment can be enlarged to include other polices or policies can be removed from an application. In a similar manner, the policies provided in the browser based environment can be removed or expanded. The policies can be adapted to each environment quickly and easily.
A
small install is usually required by the client based applications and the HTML code of the browser based services is easily altered at the server such that all users have access to policies. The selection of policies available to end users or senders may be determined by the original installation or modification previously mentioned.
It may also be determined by a policy selection and configuration environment intended for management by a systems administrator.
Policies The policies which may be selected by a user are usually intended to protect the electronic message or data of the user. For instance, the data may be a balance sheet of a corporation which is only intended to be viewed by a certain accountant. In other instances the data is copyrighted and is being sent electronically to the purchaser. In the case of emails, it is very simple for a recipient to forward an email to one or more persons. However, it is possible that this is not the intent of the sender.
Policies are intended to protect against this and other situations where the data or electronic message is to be protected. The protection provided is not absolute in some instances, but the risk that the data will be used in an unauthorized manner is usually reduced.
A first policy is that of preventing a recipient from forwarding the electronic message to a new user and the policy can be enforced in a variety of methods.
In the first method, the electronic method is encrypted with the public key of the recipient.
Presumably, only the recipient has the private key, which is necessary to decrypt the message. If the electronic message is forwarded, it is forwarded in an encrypted form which the next user cannot decrypt because they do not possess the private key of the original recipient. Another method requires the sender and the recipient to agree co a password in a separate transaction, such as a telephone call, before the electronic message is sent to the recipient. The policies associated and integrated with the electronic message will require the recipient to supply a password before access is granted to the electronic message. If the electronic message is forwarded to another user, the policies will prevent the electronic message from being accessed because the new user presumably does not know the password. A final exemplary method of preventing an electronic message from being forwarded is to prevent the recipient from being able to access the forwarding mechanism of the application. In some instances, this can be done by hiding the forward button of the recipient's electronic messaging application. Depending on the amount of security desired, a different mechanism can be employed for preventing a recipient from forwarding an electronic message. Combinations of the above mentioned methods are also possible. Each of the embodiments described for preventing unauthorized forwarding offers a different amount of security to the sender of the electronic message. In some instances, the intent of the sender may be to simply complicate the process. For example, an expert computer user may be able to forward an electronic message in the case where the forward button is hidden. The typical user, however, will be unable to forward the electronic message.
Another policy which may be selected by the user is the ability to cause an electronic message to expire. This policy can also be implemented in a variety of 1 S methods. In one method, the packager, which may be accessible by a URI, stores a date or time which indicates the expiration date of an object. When a recipient attempts to access the object, the policy of the objects checks the current date or time against the date or time stored at the packager. If the electronic message or object has expired, then access is denied to the recipient. In this embodiment, the data is frequently encrypted as an additional precaution. The source of the current date or time may be the clock on the recipient's computer, an external trusted time source, or a combination of such time sources.
Another embodiment is to store the expiration date at a remote location, which is also accessible using a URI. The object, before allowing the recipient access, checks the expiration time at the remote location, rather than the packager, to determine if the electronic message has expired. Clearly, these methods offer scaled security.
Another policy is the ability to retract an electronic message that has already been sent to a recipient. In one embodiment, the sender can register with the packager to indicate that the electronic message is to be retracted. The object which was sent to the recipient first checks with the packager to determine if the sender desires to retract the object. If the sender has indicated that the object is to be retracted, the policies of the object do not permit the recipient to access the data stored in the object. In this embodiment, the data may be encrypted as a further precaution. The operation of this policy is similar to the expiration policy.
Another policy which may be selected by the user is restricting the ability of the recipient to cut, copy or paste the contents of the object. When the recipient selects text to be cut or copied, the text is placed in a buffer or memory. In one embodiment, the policy of the object detects when text of the data in the object has been selected and placed in the buffer. The policy may either replace the data in the buffer with unrelated digital data or may simply cause the buffer to be emptied. In this manner, the recipient is prevented from cutting, copying and pasting the contents or text of the electronic message in the object.
The policies described above are intended to be exemplary of the type of policies which may be selected by the sender of an electronic message and are not intended to be limiting. The policies which may be made available to a sender can be altered or removed. Additional policies can be made available for the use of the sender and the policies can be enforced in a variety of methods. In some instances.
the purpose of the policies is related to risk management of the data rather than absolute security. However, the level of risk to the data can be varied as determined by the policy and the strength of the policy selected. An electronic message can be associated with more than one policy and in some instances, the policies to be enforced can be located in a remote location. The policies can be enforced in both client based and browser based environments.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
What is claimed and desired to be secured by United States Letters Patent is:
The present invention may be implemented in both client based systems as well as browser based systems. In environments that do not support the rendering of Hyper Text Markup Language (HTML) within the body of a received email, the object may arrive as an attachment. In one embodiment, the recipient is required to have a Java virtual machine before the policies integrated with the electronic message may be enforced.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other objects and features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.
WO 00/08794 PC'f/US99/17786 BRIEF DESCRIPTION OF THE DRAWINGS
In order that the manner in which the above-recited and other advantages and objects of the invention are obtained, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Figure 1 is an exemplary system for implementing the present invention;
Figure 2 is a block diagram of an object comprising data packaged with one or mare policies;
Figure 3 is a block diagram illustrating an exemplary method for creating a self executing object; and , Figure 4 is a block diagram of a network implementing the systems and methods of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Electronic messages are used to convey information from one entity to another entity. As used herein, electronic message comprises email, instant messaging, facsimile, video files, audio files, graphics, text, documents, spreadsheets, databases and other data and information. A significant problem with electronic messages is that control of the electronic message passes from the sender to the recipient. In many instances, the sender desires to maintain control of the electronic message.
This is true of confidential or sensitive information as well as of data that is copyrighted or otherwise protected by law.
Electronic messages provide a sender with the ability to quickly transmit information to a recipient, but as previously discussed, certain risks are involved. The protection a sender desires to impart to an electronic message can vary.
Security, in any event, is never absolute. The present invention provides systems and methods for securing electronic messages from unauthorized use.
A sender, in a preferred embodiment of the present invention, creates or prepares an electronic message using either a client based or a browser based application. Policies are made available to the sender and the sender selects one or more of those policies to be associated with the electronic message. A
packager is provided which packages the electronic message with the selected policies into an object. The policies associated with the message are capable of executing or of being executed at the recipient's computer or other rendering device and permit the sender of the electronic message to maintain control over the electronic message in the object. In effect, the use of the electronic message is dictated by the sender of the electronic message. In this manner, the risk of unauthorized use is reduced and the content of the electronic message is secured or protected.
The present invention is described in terms of diagrams and flow charts. Using the diagrams and flow charts in this manner to present the invention should not be construed as limiting its scope. The embodiments of the present invention may comprise a special purpose or general purpose computer comprising various computer hardware.
Embodiments within the scope of the present invention also include computer-readable media having computer-executable instructions or data structures stored thereon.
Such computer-readable media can be any available media which can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired executable instructions or data structures and which can be accessed by a general purpose or special purpose computer.
When information is transferred or provided over a network or other communication connection to a computer, the computer properly views the connection as a computer-readable medium. Thus, such a connection is also properly termed a computer-readable medium.
Combinations of the above should also be included within the scope of computer-readable media. Computer-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions.
The computer-executable instructions and associated data structures represent an example of program code means for executing the steps of the invention disclosed herein.
Figure 1 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the invention may be implemented. Although not required, the invention will be described in the general context of computer-executable instructions, such as program modules, being executed S by a personal computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations, including hand-held devices, mufti-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like.
The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
With reference to Figure 1, an exemplary system for implementing the invention includes a general purpose computing device in the form of a conventional computer 20, including a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory to the processing unit.
The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system (BIOS) 26, containing the basic routines that help to transfer information between elements within the computer 20, such as during start-up, may be stored in ROM 24. The computer 20 may also include a magnetic hard disk drive 27 for reading from and writing to a magnetic hard disk, not shown, a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to removable optical disk 31 such as a CD-ROM or other optical media. The magnetic hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive-interface 33, and an optical drive interface 34, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computer 20. Although the exemplary environment described herein employs a magnetic hard disk 27, a removable magnetic disk 29 and a removable optical disk 31, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges.
random access memories (RAMS), read only memories (ROM), and the like, may also be used in the exemplary operating environment.
A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35, one or more application programs 36, other program modules 37, and program data 38. A user may enter commands and information into the computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joy stick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to system bus 23, but may be connected by other interfaces, such as a parallel port, game port or a universal serial bus (USB). A monitor 47 or other type of display device is also connected to system bus 23 via an interface, such as video adapter 48. In addition to the monitor, personal computers typically include other peripheral output devices (not shown), such as speakers and printers.
WO 00/08794 PCT/US99/1778b The computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49.
Remote computer 49 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 20, although only a memory storage device SO
has been illustrated in Figure 1. The logical connections depicted in Figure 1 include a local area network (LAN) 51 and a wide area network (WAN) 52 that are presented here by way of example and not limitation. Such networking environments are commonplace in offices enterprise-wide computer networks, intranets and the Internet.
When used in a LAN networking environment, the computer 20 is connected to the local network 51 through a network interface or adapter 53. When used in a WAN networking environment, the computer 20 typically includes a modem 54 or other means for establishing communications over the wide area network 52, such as the Internet. Additionally, computer networks may comprise wireless networks.
The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the computer 20, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
Figure 2 is a block diagram conceptually illustrating data to which access is restricted by policies. Electronic message 204 can be an email, an instant message, a video clip, an audio file, a document, a file, a Universal Resource Identifier (URI) or any other type of data which is to be protected. Polices 202 are intended to define how electronic message 204 can be used or accessed. Policies 202 and electronic message 204 are coupled or packaged together to form object 200.
Policies 202 are an important aspect of object 200 because policies 202 define, in one embodiment: the method of revealing or rendering electronic message 204;
how electronic message 204 is to be accessed; and the ways in which a user may interact with or use electronic message 204. Exemplary polices, which may be selected by a sender of electronic message 204, include but are not limited to:
indicating whether the recipient is permitted to forward electronic message 204 to another user; indicating whether a recipient is permitted to copy, paste or cut the content of electronic message 204; indicating whether a recipient is permitted to save electronic message 204 separate from policies 202; indicating whether a sender is able to retract electronic message 204 that has been sent or forwarded to the recipient or another user; and indicating whether a user can print electronic message 204.
Other policies 202 may specify and/or include:
a date before which an electronic message may not be used, or a date after which an electronic message may no longer be used, or a time window in which the electronic message may be accessed;
the number of times an electronic message may be opened or accessed;
an audit trail, in which data pertaining to the usage history of an electronic message is captured and stored in a file or sent to another party, which may be the sender of the electronic message;
acceptance conditions or the presentation of acceptance conditions, which the recipient must accept before the electronic message is accessed or opened, and the recording of the recipient's acceptance or rejection of the acceptance conditions as well as notification to a party, such as the sender, that the acceptance conditions have been accepted or rejected;
the number of times an electronic message may be accessed, opened or read, which may be once;
that a record of the use of the electronic message by the recipient may be created and sent or forwarded to another party which may be the sender;
that only a specific number or a larger number of electronic messages may be accessed or opened;
that only the first N number of copies of an electronic message may be opened oraccessed;
that the receiver must choose a password or a pass phrase, which will be required for subsequent attempts to open the electronic message;
that only one copy of the electronic message is ever accessible or readable. and that the determination of which copy of the electronic message may be opened may depend on which copy is opened first, last, or by other conditions;
that messages require another condition to occur and that the conditions may be provided by an external source;
authorization via public key systems, symmetric key systems, passphrases, biometric characteristics, company badges, smart cards, JavaRings, or other forms of personal or group authorization;
that electronic messages are only accessible or readable in a specified order by particular recipients as in a routing slip;
that an electronic message cannot be captured by a printscreen function or other memory capturing method; and that messages are only readable or accessible under specific environmental conditions, such as the time of day, the location of the attempt to access the electronic message, when another person is logged in and viewing the audit logs, etc.
Other polices can be implemented and all polices can be combined in complex relations.
Clearly, many policies can be implemented and enforced with respect to an electronic message.
In another embodiment, policies 202 may comprise a URI reference. The URI
reference, which may be remotely located with respect to both the sender and recipient of the electronic message may contain the actual polices that the sender desires to enforce. In this instance, the policy packaged in the object would be the requirement to look to a remote source or location for additional policies which may affect the recipient's access to the electronic message.
IO
Figure 3 is illustrative of the method by which object 200 is formed.
Electronic message 204 is gathered or created by a user. For instance, a user may create an email which is to be sent to a recipient. The email, in this case, would be electronic message 204. After electronic message 204 has been created, associator 222 associates policies 202, which have been selected by the sender, with electronic message 204. At associator 222, policies 222 which are linked or associated with electronic message 204 and are not yet enforceable.
After electronic message 204 and policies 202 are associated, packager 220 packages them to create object 200. In one embodiment, this is done by creating a JAVA applet which is capable of executing on any recipient having a Java virtual machine. In other words, policies 202, in one embodiment, are computer-executable instructions that are capable of executing on a remote computer. In another embodiment, the policies packaged with an electronic message are coded instructions 1 S which invoke computer-executable instructions which reside in a separate or remote environment or location. For example, the local network of the recipient may have the computer-executable instructions necessary to execute the coded instructions stored on a server which is accessible by the recipient, or the computer of the recipient may contain the necessary computer-executable instructions, or the computer-executable instructions referenced by the coded instructions may reside on a remote location or environment. In other words, the policies packaged in an object can be executed and enforced in a variety of methods.
Once object 200 is formed, policies 202 are active and will control the recipient's access and use of electronic message 204. In this manner, object 200 is self enforcing. In systems having a form of electronic messaging, such as email, the sender is no longer in physical control of the electronic message after it has been sent.
Creating an object, which comprises data and computer-executable instructions, permits the sender of the data to ensure that the data is used appropriately by the recipient.
In addition to packaging data 202 with policies 204, packager 220, or associator 222 has the capability to encrypt electronic message 204. The encryption of data 202, in one embodiment, is to ensure that only the intended recipient has the capability of decrypting data 202. For example, if electronic message 204 is encrypted with a key that only a particular recipient possesses, forwarding data 202 to another user, while possible, is essentially useless because the data remains encrypted.
The encryption is typically performed using methods well known in the art. In another embodiment, the encryption is to ensure that only when the conditions specified in the policies are satisfied can the message be decrypted and viewed.
Figure 4 is a block diagram of an exemplary system in which electronic messages may be sent. Network 230 is illustrated having a plurality of senders 232, packager 220, server 234 and path 236. Senders 232 are intended to be representative of the source of an electronic message or other data. In a preferred embodiment, sender 232 is a computer as described in Figure 1 which has the capability of creating and sending or transmitting an electronic message. Server 234 may also be embodied as a computer having the capability of sending or forwarding electronic messages created by sender 232. Server 234, in a preferred embodiment is a mail server or a web server. Packager 220, as described previously, creates object 200.
Packager 220 may also be embodied as a computer and is located, in a preferred embodiment, in the network such that all electronic messages are examined WO 00/08794 PCfNS99/17786 or monitored by packager 220. Those electronic messages that have been associated with policies are manipulated by packager 220 to form object 200. Electronic messages that are not associated with policies are typically ignored by packager 220.
S Server 234, upon receiving an electronic message, forwards or sends the electronic message to recipient 242. Typically, sender 232 and recipient 242 are connected via a network. In figure 4, Internet 238 is the connecting network.
The electronic message, or object arrives at server 240 at which point recipient 242 is notified that an electronic message has arrived. Figure 4 illustrates that electronic messages or objects are sent and received in well known methods with the difference that packager 220 creates an object which is self enforcing. In other words, the policies of the sent object define what recipient 242 can do with the electronic message in the object, rather than the particular application of the user.
Recipient 242, upon receiving the object, will only be able to access the data in the object as determined by the policies. In some embodiments, the policies are part of the object. In other embodiments, the policies may refer to a remote location which is independent of sender 232. For instance, source 244, which may be referenced by a URI, may contain the policies which are to be enforced against recipient 242. The object received by recipient 242, in this example, would cause source 244 to be accessed to determine the policies to be enforced against recipient 242.
Path 236 is representative of the path of the electronic message from sender 232 to packager 220. While the electronic message is in path 236, an object has not been formed and the electronic message is potentially discoverable by unauthorized persons. To protect against this possibility, a cryptographically secure connection may be employed for the transport of the electronic message.
In another embodiment, path 236 first leads to an associator, shown in Figure 3, which is located between sender 232 and packager 220. The associator typically performs a function separate from the function of the packager, but the associator is capable of performing its function at sender 232, at packager 220. or at some point in path 236. In another embodiment, the associator is integrated with sender 232 and in yet another embodiment, the associator is integrated with packager 220, and in another embodiment, the associator is separate from both sender 232 and packager 220 as illustrated in Figure 3. If the associator is executed on the same machine or computer as the environment in which an electronic message is created, path 236 is obviated.
Policy Selection Policies are typically selected by the sender of an electronic message, although it is possible for an entity such as a corporation to automatically associate policies with each outgoing electronic message. There are at least two different environments from which a user may select policies. The first environment is a client based environment and the second environment is a browser-based environment.
In a client based environment, each client typically has a separate application which provides the user with the ability to create and transmit electronic messages.
The messages are received by a mail server which transmits them to the recipient. In order for a user to select a policy, a module is integrated with the application which permits the user to select and associate policies with an electronic message.
In one embodiment, this is done by installing the module into each separate application for each sender. When a user or sender is creating an electronic message, the module permits the sender to select policies which will be associated with the electronic message or data to be sent. Later, the packager creates an object which comprises the code necessary to enforce the selected polices on the electronic message or data.
In a browser based environment, the application is typically located on a server computer and each user accesses the application using a browser. In one embodiment, the policies are made available to the user by altering options exposed to the user via the web pages which make up the user interface. A user can select the desired policies by simply pointing and clicking. The selected policies are then associated with the electronic message or data and the packager creates an object which has the capability of enforcing those policies.
In both environments, the user selects which polices are to be enforced on the electronic message. The module of the client based environment can be enlarged to include other polices or policies can be removed from an application. In a similar manner, the policies provided in the browser based environment can be removed or expanded. The policies can be adapted to each environment quickly and easily.
A
small install is usually required by the client based applications and the HTML code of the browser based services is easily altered at the server such that all users have access to policies. The selection of policies available to end users or senders may be determined by the original installation or modification previously mentioned.
It may also be determined by a policy selection and configuration environment intended for management by a systems administrator.
Policies The policies which may be selected by a user are usually intended to protect the electronic message or data of the user. For instance, the data may be a balance sheet of a corporation which is only intended to be viewed by a certain accountant. In other instances the data is copyrighted and is being sent electronically to the purchaser. In the case of emails, it is very simple for a recipient to forward an email to one or more persons. However, it is possible that this is not the intent of the sender.
Policies are intended to protect against this and other situations where the data or electronic message is to be protected. The protection provided is not absolute in some instances, but the risk that the data will be used in an unauthorized manner is usually reduced.
A first policy is that of preventing a recipient from forwarding the electronic message to a new user and the policy can be enforced in a variety of methods.
In the first method, the electronic method is encrypted with the public key of the recipient.
Presumably, only the recipient has the private key, which is necessary to decrypt the message. If the electronic message is forwarded, it is forwarded in an encrypted form which the next user cannot decrypt because they do not possess the private key of the original recipient. Another method requires the sender and the recipient to agree co a password in a separate transaction, such as a telephone call, before the electronic message is sent to the recipient. The policies associated and integrated with the electronic message will require the recipient to supply a password before access is granted to the electronic message. If the electronic message is forwarded to another user, the policies will prevent the electronic message from being accessed because the new user presumably does not know the password. A final exemplary method of preventing an electronic message from being forwarded is to prevent the recipient from being able to access the forwarding mechanism of the application. In some instances, this can be done by hiding the forward button of the recipient's electronic messaging application. Depending on the amount of security desired, a different mechanism can be employed for preventing a recipient from forwarding an electronic message. Combinations of the above mentioned methods are also possible. Each of the embodiments described for preventing unauthorized forwarding offers a different amount of security to the sender of the electronic message. In some instances, the intent of the sender may be to simply complicate the process. For example, an expert computer user may be able to forward an electronic message in the case where the forward button is hidden. The typical user, however, will be unable to forward the electronic message.
Another policy which may be selected by the user is the ability to cause an electronic message to expire. This policy can also be implemented in a variety of 1 S methods. In one method, the packager, which may be accessible by a URI, stores a date or time which indicates the expiration date of an object. When a recipient attempts to access the object, the policy of the objects checks the current date or time against the date or time stored at the packager. If the electronic message or object has expired, then access is denied to the recipient. In this embodiment, the data is frequently encrypted as an additional precaution. The source of the current date or time may be the clock on the recipient's computer, an external trusted time source, or a combination of such time sources.
Another embodiment is to store the expiration date at a remote location, which is also accessible using a URI. The object, before allowing the recipient access, checks the expiration time at the remote location, rather than the packager, to determine if the electronic message has expired. Clearly, these methods offer scaled security.
Another policy is the ability to retract an electronic message that has already been sent to a recipient. In one embodiment, the sender can register with the packager to indicate that the electronic message is to be retracted. The object which was sent to the recipient first checks with the packager to determine if the sender desires to retract the object. If the sender has indicated that the object is to be retracted, the policies of the object do not permit the recipient to access the data stored in the object. In this embodiment, the data may be encrypted as a further precaution. The operation of this policy is similar to the expiration policy.
Another policy which may be selected by the user is restricting the ability of the recipient to cut, copy or paste the contents of the object. When the recipient selects text to be cut or copied, the text is placed in a buffer or memory. In one embodiment, the policy of the object detects when text of the data in the object has been selected and placed in the buffer. The policy may either replace the data in the buffer with unrelated digital data or may simply cause the buffer to be emptied. In this manner, the recipient is prevented from cutting, copying and pasting the contents or text of the electronic message in the object.
The policies described above are intended to be exemplary of the type of policies which may be selected by the sender of an electronic message and are not intended to be limiting. The policies which may be made available to a sender can be altered or removed. Additional policies can be made available for the use of the sender and the policies can be enforced in a variety of methods. In some instances.
the purpose of the policies is related to risk management of the data rather than absolute security. However, the level of risk to the data can be varied as determined by the policy and the strength of the policy selected. An electronic message can be associated with more than one policy and in some instances, the policies to be enforced can be located in a remote location. The policies can be enforced in both client based and browser based environments.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
What is claimed and desired to be secured by United States Letters Patent is:
Claims (37)
1. A method for creating a self enforcing object, the method comprising the steps of:
creating, by a sender, an electronic message;
associating one or more policies with the electronic message; and packaging the electronic message with the one or more policies to form the self enforcing object.
creating, by a sender, an electronic message;
associating one or more policies with the electronic message; and packaging the electronic message with the one or more policies to form the self enforcing object.
2. A method as defined in claim 1, wherein the electronic message comprises an email.
3. A method as defined in claim 1, wherein the electronic message comprises an instant message.
4. A method as defined in claim 1, wherein the step of associating one or more policies with the electronic message further comprises the step of selecting, by the user, one or more policies.
5. A method as defined in claim 1, further comprising the step of encrypting the electronic message.
6. A method as defined in claim 1, wherein the one or more policies comprise computer-executable code.
7. A method as defined in claim 1, wherein the one or more policies comprise coded instructions which invoke computer-executable code which reside in a remote environment.
8. A method as defined in claim 1, wherein the policies control access to the electronic message.
9. A method as defined in claim 1, wherein the policies render the electronic message to a recipient of the electronic message.
10. A computer-readable medium having computer-readable instructions for performing the steps recited in claim 1.
11. A method for rendering an object having an electronic message at a recipient, the method comprising the steps of:
receiving the object at the recipient;
executing one or more policies packaged in the object with the electronic message; and rendering, to the recipient, the electronic message according to the one or more policies.
receiving the object at the recipient;
executing one or more policies packaged in the object with the electronic message; and rendering, to the recipient, the electronic message according to the one or more policies.
12. A method as defined in claim 11, wherein the one or more policies comprise computer-executable code capable of executing on more than one computer.
13. A method as defined in claim 11, wherein the one or more policies comprise coded instructions which invoke computer-executable instructions which reside in a separate environment.
14. A method as defined in claim 11, wherein the one or more policies control access to the electronic message.
15. A method as defined in claim 11, wherein the step of rendering the electronic message further comprises the step of decrypting the electronic message.
16. A method as defined in claim 11, wherein the one or more policies prevents the electronic message from being forwarded.
17. A method as defined in claim 11, wherein the one or more policies enables a sender to retract an electronic message.
18. A method as defined in claim 11, wherein the one or more policies prevents an electronic message from being cut.
19. A method as defined in claim 11, wherein the one or more policies prevents an electronic message from being copied.
20. A method as defined in claim 11, wherein the one or more policies prevents an electronic message from being opened.
21. A method as defined in claim 11, wherein the one or more policies determines if the electronic message has expired.
22. A method as defined in claim 11, wherein the one or more policies prevents an electronic message from being printed.
23. A method as defined in claim 11, wherein the one or more policies prevents the electronic message being displayed on a display device from being captured via a printscreen function.
24. A method as defined in claim 11, wherein the one or more policies comprises a URI.
25. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 11.
26. A method for controlling access by a recipient to an electronic message, the method comprising the steps of:
associating the electronic message with one or more policies;
packaging the one or more policies with the electronic message to form an object;
sending the object to the recipient; and executing, at the recipient, the policies packaged with the electronic message.
associating the electronic message with one or more policies;
packaging the one or more policies with the electronic message to form an object;
sending the object to the recipient; and executing, at the recipient, the policies packaged with the electronic message.
27. A method as defined in claim 26, wherein the step of associating the electronic message further comprises the step of creating the electronic message.
28. A method as defined in claim 26, wherein the step of associating the electronic message further comprises the step of encrypting the electronic message.
29. A method as defined in claim 26, wherein the step of associating the electronic message further comprises the step of encrypting the one or more policies associated with the electronic message.
30. A method as defined in claim 26, wherein the step of associating the electronic message further comprises the step of selecting the one or more policies from a group of policies comprising:
a first policy for controlling whether the electronic message may be forwarded;
a second policy for controlling when the electronic message expires;
a third policy for retracting the electronic message;
a fourth policy for opening the electronic message;
a fifth policy for preventing the recipient from cutting the electronic message; and a sixth policy for preventing the recipient from copying the electronic message.
a first policy for controlling whether the electronic message may be forwarded;
a second policy for controlling when the electronic message expires;
a third policy for retracting the electronic message;
a fourth policy for opening the electronic message;
a fifth policy for preventing the recipient from cutting the electronic message; and a sixth policy for preventing the recipient from copying the electronic message.
31. A method as defined in claim 26, wherein the one or more policies comprise computer-executable instructions.
32. A method as defined in claim 26, wherein the one or more polices comprise coded instructions which invoke computer-executable code which reside in a separate environment.
33. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 26.
34. A method for packaging an electronic message with one or more policies, the method comprising the steps of:
monitoring a network for electronic messages associated with one or more policies sent by a sender;
creating, at a packager, an object for those electronic messages associated with one or more policies; and sending the object to a recipient specified by the sender.
monitoring a network for electronic messages associated with one or more policies sent by a sender;
creating, at a packager, an object for those electronic messages associated with one or more policies; and sending the object to a recipient specified by the sender.
35. A method as defined in claim 34, wherein the object comprises computer-executable code integrated with the electronic message, wherein the computer-executable code is representative of the one or more policies.
36. A method as defined in claim 34, wherein the object comprises coded instructions which reference computer-executable code stored in a remote location, wherein the coded instructions are representative of the one or more policies.
37. A method as defined in claim 34, wherein the step of creating an object further comprises the step of encrypting the electronic message.
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12946798A | 1998-08-04 | 1998-08-04 | |
US09/129,467 | 1998-08-04 | ||
US36844899A | 1999-08-04 | 1999-08-04 | |
PCT/US1999/017786 WO2000008794A2 (en) | 1998-08-04 | 1999-08-04 | Systems and methods for securing electronic message |
US09/368,448 | 1999-08-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
CA2339228A1 true CA2339228A1 (en) | 2000-02-17 |
Family
ID=26827598
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002339228A Abandoned CA2339228A1 (en) | 1998-08-04 | 1999-08-04 | Systems and methods for securing electronic message |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN1332881A (en) |
CA (1) | CA2339228A1 (en) |
HK (1) | HK1040561A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7752271B2 (en) * | 2004-06-01 | 2010-07-06 | International Business Machines Corporation | Method of retracting an instant message |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7430754B2 (en) * | 2004-03-23 | 2008-09-30 | Microsoft Corporation | Method for dynamic application of rights management policy |
US8117595B2 (en) | 2004-03-23 | 2012-02-14 | Microsoft Corporation | Method for updating data in accordance with rights management policy |
US9838349B2 (en) * | 2010-03-08 | 2017-12-05 | Microsoft Technology Licensing, Llc | Zone classification of electronic mail messages |
CN104182698B (en) * | 2014-08-18 | 2018-01-16 | 联想(北京)有限公司 | A kind of data clearing method and electronic equipment |
CN106789574A (en) * | 2016-12-21 | 2017-05-31 | 北京奇虎科技有限公司 | A kind of e-mail sending method, mail control method, transmitting terminal and receiving terminal |
CN109165517B (en) * | 2018-08-16 | 2024-06-25 | 腾讯科技(深圳)有限公司 | Method, device, medium and equipment for preventing information leakage |
CN112434328B (en) * | 2019-08-26 | 2024-04-05 | 钉钉控股(开曼)有限公司 | Message forwarding (transferring) mail forwarding method and electronic equipment |
-
1999
- 1999-08-04 CA CA002339228A patent/CA2339228A1/en not_active Abandoned
- 1999-08-04 CN CN 99809349 patent/CN1332881A/en active Pending
-
2002
- 2002-03-18 HK HK02102060.9A patent/HK1040561A1/en unknown
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7752271B2 (en) * | 2004-06-01 | 2010-07-06 | International Business Machines Corporation | Method of retracting an instant message |
Also Published As
Publication number | Publication date |
---|---|
CN1332881A (en) | 2002-01-23 |
HK1040561A1 (en) | 2002-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7093136B2 (en) | Methods, systems, computer program products, and data structures for limiting the dissemination of electronic email | |
JP3932319B2 (en) | Email firewall using encryption / decryption with stored key | |
US7454778B2 (en) | Enforcing rights management through edge email servers | |
EP1386242B1 (en) | Privileged e-mail system with routing controls | |
AU2010100501A4 (en) | Method and system for message classification of web email | |
EP1735934B1 (en) | Method for dynamic application of rights management policy | |
US7373602B2 (en) | Method for reading electronic mail in plain text | |
US20150113269A1 (en) | Highly accurate security and filtering software | |
US20020143885A1 (en) | Encrypted e-mail reader and responder system, method, and computer program product | |
US20080065891A1 (en) | Opaque message archives | |
US8219798B1 (en) | Method and system for securing E-mail transmissions | |
US20020107928A1 (en) | Process and apparatus for email handling | |
JP2005056418A (en) | Security container for document component | |
JP2004046811A (en) | Transmitter firewall | |
WO2000008794A2 (en) | Systems and methods for securing electronic message | |
US8001614B2 (en) | System and method for making encrypted content available to derivable related parties | |
US20060031352A1 (en) | Tamper-proof electronic messaging | |
CA2339228A1 (en) | Systems and methods for securing electronic message | |
WO2001050691A2 (en) | Sender-controlled post delivery handling of digitally delivered documents in a computer network | |
WO2005109795A1 (en) | Tamper-proof electronic messaging | |
JP2006072685A (en) | Email processing device | |
JP2008219743A (en) | File encryption management system and method of implementing same system | |
AU2014215972B2 (en) | Method of and system for message classification of web email | |
Poore | Computer Forensics and Privacy: At What Price Do We Police the Internet? | |
AU761129B2 (en) | Self-destructing document and E-mail messaging system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FZDE | Discontinued |