
CN1304610A - Security method and apparatus for a secure data transmission system - Google Patents

Info

Publication number: CN1304610A
Authority: CN (China)
Prior art keywords: file, executable program, secure, program, received
Legal status: Pending
Application number: CN00800735.7A
Other languages: Chinese (zh)
Inventor: 亚历山大·V·什梅廖夫
Current assignee: MICROVAULT CORP
Original assignee: MICROVAULT CORP
Application filed by MICROVAULT CORP
Publication of CN1304610A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12 Applying verification of the received information

Abstract

An apparatus and method for creating a secure file at a sending location using installed software. The secure file includes an executable program that runs to decrypt the secure file when it is received and opened. A password or passphrase may be included to prevent unauthorized access to the secure document. A secure reply option may be provided which, if selected, allows the received program to encrypt a reply and transmit the encrypted reply to the sending location, where the installed software can open it. In another embodiment, the executable program connects to a predetermined global computer network address, which supplies the program that decrypts the secure message. In addition, the executable program and/or the program downloaded from the website can communicate with a second global computer network site, which is directed to perform a specific selection action. Confirmation can be returned to the sending location either from the receiving location or from the second global computer network address.

Description

Security method and apparatus for a secure data transmission system

This application is a continuation-in-part of provisional patent application No. 60/125,437, filed March 22, 1999.

Background of the Invention

1. Field of the Invention

The present invention relates to data transmission systems and, more particularly, to a method and apparatus for transmitting a secure file such that the recipient can examine the file and provide a secure reply without needing any special equipment at the receiving end.

2. Description of the Related Art

Most prior-art secure data systems require special equipment at both the transmitting and the receiving end in order to recover the secured information and to provide a secure reply. Such systems usually include encryption and decryption apparatus at both ends of the message path.

Clearly, the sender must have equipment that converts the plaintext into some encrypted or encoded format that is unreadable to anyone lacking compatible equipment at the receiving end. Because so many different types and styles of encryption and encoding have been tried in pursuit of secure communication, and because there is no single standard system, the probability that a sender and a receiver have compatible encryption systems is low.

The Internet (the global computer network) is a rapidly growing medium for information exchange. Although much of the information carried is of uncertain value, the use of the Internet as a vehicle for electronic commerce means there is a greater need to provide confidentiality for data transmission.

Different types of data transfer present different risks and obstacles and require adequate protection against tampering, corruption, theft, unauthorized access and so on. Many software and hardware products that provide such protection for Internet data require the users at both ends of the transaction (that is, the sender and the receiver) to have the same software components or at least highly compatible equipment.

This requirement of having nearly identical software at both ends of the data exchange is very restrictive. Imagine an exchange involving parties from five different organizations! The requirement can be (and has been) addressed with products such as Norton Secret Stuff from Symantec, Zip and WinZip from PKWare, Universal Envelope from VIAexpress, and Envelope98 from the assignee of the present invention. Each product "packages" the message to be transmitted in an "electronic envelope". This "envelope" contains all the computer code and logic needed to protect the message during transmission and to extract it at the receiving end.

Such an "envelope" successfully protects the transmitted data until it reaches the receiver. In many cases, however, the receiver may wish (or be required) to reply, and the reply must also be protected in transit. Here the problem arises again: the receiver is required to install and use some type of cryptographic software or hardware to protect the reply.

Most importantly, the problem must be solved in a way that is simple to use and does not require excessive preparation (that is, creating and distributing certificates and public keys, maintaining authentication links and public-key rings). In general, where data must be transferred securely and bidirectionally between two entities (directly or over a private or public communication system), identical or highly compatible software and/or hardware must be installed at both ends. Difficulties arise whenever one party wishes to exchange information with several other parties; it may be very hard to guarantee that both sides have equipment able to communicate with each other.

A number of products and techniques address this problem, including the well-known PGP ("pretty good privacy"), PEM, S/MIME and SSL. In every case the systems are not cross-compatible (that is, a message encrypted with PGP cannot be decrypted with S/MIME, and vice versa). Moreover, users of these systems are forced into a complex series of operations to prepare for the exchange (key generation, authentication certificates, and so on). Some systems require a trusted third party to authenticate the identities of the parties to the transfer.

While existing systems are useful in some situations, their adoption has been slow and is limited by high cost (in computer resources and user time) and by limited cross-compatibility.

For example, if two users in the same organization wish to communicate with PGP, they exchange public keys through a central computer (an authentication/key server). In essence, the server guarantees to each user the identity of the other and supplies each with the other's encryption key. Since most organizations will choose a single system for confidential exchange (PGP, say), the users can now exchange e-mail easily and securely.

If, however, the two users belong to different organizations, there may be no central computer to act as a "certificate authority". The users must then exchange keys in person or by mail, or rely on a trusted third party to provide the service. The two users will still have to settle on a common standard, such as PGP, PEM or S/MIME, for encrypting their data, and one or both parties must communicate that agreed standard.

Obviously, the overhead incurred in this process greatly complicates the desired exchange. If the exchange is between more than two users belonging to more than two organizations, the complexity grows rapidly. A simpler solution is therefore needed.

Two users who have "electronic envelope" software can exchange information without first agreeing on a standard system. However, each user must have some form of electronic envelope system installed on their computer. Even the "electronic envelope" systems described above cannot transfer data in both directions between parties unless all "transmitting" parties have installed the same cryptographic software on their computers.

Summary of the Invention

According to the present invention, users are given the ability to send "electronic envelopes" over private and public communication networks, including electronic mail. The transmitted information is protected against unauthorized access, corruption, tampering and theft in transit, and the "electronic envelope" allows the receiving user to decrypt the message without installing any cryptographic software or hardware.

The invention includes a "secure reply" feature that allows the recipient of an encrypted message to encrypt and return a message to the sender, again without installing any cryptographic software. The invention gives the recipient's reply the same level of protection and confidentiality as the sender's original encryption.

The invention is also easy to use, requiring only that the two parties exchange a key (called a "passphrase") through any available channel: a telephone conversation, mail, personal contact or any other means. Keys can be changed frequently, which strengthens confidentiality.

Not every user exchanging information is required to install the system of the invention. For example, in a system where a service vendor sends invoices (by e-mail) to selected customers, those customers need not install any cryptographic software. The invention provides all the functionality needed for payment instructions to be returned securely to the vendor. The same system built on S/MIME or any other existing system would require every user to exchange keys with the vendor and to obtain compatible software.

Consider two people from different companies, for example Alice, who works at Widget Manufacturing Corporation (WMC), and Bob, who works at WidgetBits, Inc., a supplier of parts needed by the widget factory, who need to communicate in encrypted form. Alice needs a proposal from Bob for supplying widget parts to WMC within six months.

Because the widget market is so competitive, Alice and Bob both know very well that if a competitor obtained Alice's request or Bob's response, their respective business interests could be harmed. They should therefore conduct their business using the system of the invention.

Alice begins by creating a "request for proposal" (RFP) document with any word processor. She then uses the invention to encrypt her file, "packaging" it in a self-decrypting "envelope". She also grants Bob a feature that lets him encrypt his reply. Finally, she sends the "envelope" to Bob by whatever means she chooses: e-mail, file transfer, or copying the file to a disk and mailing it, to name a few.

Continuing the "envelope" analogy, when Bob receives the encrypted message (the "envelope"), he opens it with the "passphrase" he received earlier, and the file is decrypted. Bob can be confident that no one read the file while it was in transit and that it was not damaged or modified in any way.

Bob is now free to write his proposal. Again using any word processor, he creates the file to send to Alice as his reply. When the file is ready, he opens the original "envelope" once more and supplies the passphrase. He is offered the option of creating a secure reply; if he selects it, the proposal is encrypted with the same passphrase that decrypted the original message. Bob is then free to send his proposal back to Alice, as a secure reply file, by any means at his disposal.

Once the secure reply is received, Alice decrypts it using the invention's original encryption/decryption program and the original passphrase. She can now read Bob's proposal and get on with her business.

Another example of the invention's use is a billing and payment processing system in an electronic commerce environment. This type of system uses the ability to provide a secure reply for several specialized purposes and implements a user interface different from that of the preferred embodiment of the invention. The ability to provide a secure reply, however, is unchanged.

In a (very simple) electronic billing and payment system, the two parties communicate over an e-mail connection. They first agree on a password or phrase (which may also be a personal identification number or "secret code"), with which the transmitted data is encrypted. The vendor sends the customer an invoice or a statement reflecting transaction activity and the amount owed. The customer responds with payment instructions and authorization.

For example, the vendor prepares a statement. The statement is then encrypted and sealed in an "envelope" together with a special program designed to collect the customer's payment instructions. The envelope is sent to the customer by e-mail. The customer opens the envelope with the password or phrase agreed earlier with the vendor. Once the contents of the envelope are decrypted, the statement is presented to the customer.

When the customer is ready to pay the vendor, the envelope is opened again and the special program runs automatically, presenting the customer with various payment options. When the customer has chosen a payment method, a secure reply is generated (the payment selection program having automatically requested a secure reply from the original envelope).

The secure reply is then returned to the vendor by e-mail. When the vendor receives the customer's secure reply, an automated process decrypts it, extracts the customer's payment instructions and submits them for further processing. A working system implementing this electronic billing and payment is found in a patented product of the assignee of the present invention.

The purpose of the secure reply feature is to allow two computer users to communicate securely (that is, using encrypted data files) when only one of them has the required cryptographic software. Whatever software is required must both decrypt the transmitted message and encrypt the reply to the original message for transmission.

A secure reply can also be used wherever confirmation is needed that a message was received and correctly decrypted, since a secure reply cannot be created without knowing the correct password or phrase. In addition, the content of the confirmation itself may be of use to competing businesses or individuals, so the encrypted reply provides the required confidentiality.

For a different example: in an increasingly complex world, experts from various fields or professions are often required to work together in confidence. Often these experts must cooperate discreetly, and the information exchanged is sensitive or confidential. All parties wish to carry out the exchange with the least possible overhead.

For example, imagine a law firm (XYZ Partners) representing a well-known party in contested litigation. All material concerning the case is considered highly sensitive. XYZ, however, needs to consult lawyers at another, distant firm (HIJ) about some aspect of the case. Naturally, time is critical.

Using the invention, XYZ's lawyers can send documents confidentially to HIJ over a public e-mail network. HIJ's lawyers can then edit any of the documents sent, or add their comments to them, and, using the invention, reply to XYZ with the same level of confidentiality.

With secure transmission, all parties are protected, and the collaborative effort requires only minimal overhead and preparation.

It is therefore an object of the present invention to provide a method and apparatus for sending encrypted messages that can cryptographically confirm that a secure file has been successfully received and decrypted, with no special hardware or software required at the receiving end.

Another object is to retrieve a secure file from a remote computer user by first sending an encrypted transmission containing a dummy file.

Yet another object is to foster a secure collaborative work environment by enabling two computer users to jointly develop documents such as proposals, business plans, computer software and mechanical drawings. Using protected transmission, a file can be sent from the first user to the second, and the second user can then make any desired modifications to the file and return it using the invention.

Another object of the invention is to enable secure software distribution by using user registration information returned by means of the invention.

Another object of the invention is to be able to distribute information about a product under development to a restricted group of computer users who, according to the invention, reply with comments, suggestions and the like.

The novel features of the structure and method of operation of the invention, together with its further characteristics and advantages, will be understood from the following description taken in conjunction with the accompanying drawings, in which preferred embodiments of the invention are illustrated by way of example. It is to be understood, however, that the drawings are for illustration and description only and are not intended as a limitation of the invention.

Brief Description of the Drawings

Figure 1 is a flowchart illustrating the principle of operation of the invention.

Figure 2, comprising Figures 2a-2d, is a flowchart of the steps taken to send, receive and return secure information.

Figure 3, comprising Figures 3a-3d, is a more detailed flowchart of the process of the invention.

Figure 4, comprising Figures 4a-4b, is a flowchart of an embodiment of the invention for secure billing and payment processing.

Description of the Preferred Embodiment

The following description of the program flow and the several figures illustrate the invention as currently practiced, assigned by the applicant to the assignee, whose product is a secure transmission product sold under the trademark Envelope98TM. The same process can be applied to other cases with slight changes to the user interface.

Starting with Figure 1, a general overview of the use of the invention is shown. Using a special program, a message (envelope.exe) comprising an executable program and an encrypted file is created which, when received and executed, decrypts the message contents according to a preselected password or phrase supplied by the user. The entire message may be sent to the recipient by e-mail, transferred modem-to-modem over a telephone line, or recorded on a disk that is sent by courier or through the post.

At the receiving end, the recipient executes the program (envelope.exe) that is an integral part of the message. The receiving computer then asks for the agreed password or phrase and, as instructed, operates on the encrypted files to decrypt them. The recipient is then given the option of providing a secure, encrypted reply.

If that option is taken, the received message is executed again after the reply has been prepared; when prompted, the reply option is selected, the reply message is encrypted, and the reply can be sent back to the originator by any of the methods used to send the original message. Once the originator receives the message, his equipment is able to decrypt the returned file.

As shown in Figure 1, the initial step is to create the envelope.exe file, step 12, which is explained in more detail below in connection with Figure 2. In Figure 1 the global computer network is used to transmit the file in transmission step 14. At the receiving end the file is received, step 16, and the transmitted program is executed, step 18. If the recipient wishes to acknowledge with an encrypted reply, the received program can prepare the reply, step 20, and the reply is returned over the global computer network, step 22. The reply is received by the original sender, step 24, who has the program to decrypt it, step 26.

Figure 2a illustrates the preferred embodiment of the invention in detail by explaining the flow for sending a message. Initially the user specifies which files are to be sent, the encryption algorithm and the password or phrase, whether to include the secure reply option, any other user-specific message, and the file name. In the next step the decryption engine code is written out and the remaining file components are added to it.

Each file to be sent is retrieved in turn and, if that option was selected, compressed. Next, the file-specific data is computed and, in successive steps, encrypted with the algorithm the user specified. The file header is prepared and the file is set up for transmission.

Each remaining selected data file is then processed through the same steps until all selected files have been compressed (if that option was selected); error-detection codes, file-size information and any other information that must be appended and encrypted are also set. After all files have been processed, the message is closed and is ready for transmission by any available means, including the global computer network, direct modem-to-modem transmission, or storage on portable media sent by post or courier.

Referring now to Figure 2b, the steps performed at the receiving end are shown. When the transmitted program envelope.exe is executed, the envelope header is read and the information on the number of transmitted files is noted.

The various user instructions are then acted upon, including which files are to be extracted, the destination on the recipient's computer, the password or phrase, the files (if any) to include in a reply, whether a reply is to be made, and the destination of the reply.

Next, each transmitted file is decrypted, decompressed, verified by an integrity check and written to the preselected destination on the recipient's system. If a secure reply is to be made, the next steps are found in Figure 2c.

After receiving the message, if the recipient is ready to send a reply, the user executes the received program again (that is, runs the envelope.exe command). The program knows (from a flag in the message header) that the original contents have already been decrypted and asks the user whether to create a secure reply.

If the user requests a reply, the program asks for the names of the files to be encrypted, encrypts them, and "packages" them under a reply header. Note that no decryption program is returned with the reply, since the existence of the software needed to decrypt the reply was a prerequisite for creating the original message.

If a secure reply was provided and selected, the user specifies which files to send, the file name, the password or passphrase, and the header. When the received program is executed again, each file to be returned is compressed (if required), the specific information is collected, and each file is encrypted by the program that was sent to the recipient, who has no other encryption or decryption software available on his system. When all the returned files have been processed, the file is closed and the reply message is returned.

Figure 2d shows the following steps when the reply is received at the original sender's location. The original sender's program can read the reply's header and extract all the information needed to process it. The original recipient's reply instructions are then processed, including the files to extract, the password or passphrase, and the destination for the extracted files.

Next, each returned file is decrypted with the appropriate algorithm and then decompressed if necessary. Its integrity is checked and the file is stored at the selected destination. When all files have been stored, the procedure is considered complete.

Turning to Figure 3a, processing at the receiving end is illustrated in part of a flowchart. Initially, the reply option is selected on the command line. If no file name is currently set, a flag is set to indicate that a reply is to be created, and a file name is generated. The program then requests the previously agreed password or passphrase. Once it is provided, the encryption key is derived from the password or passphrase and the message is opened and read. After reading the header, the program checks whether the flag indicates that the reply option has been selected but the message has not yet been decrypted. If so, a warning is given and the option to continue is offered. If the choice is not to continue, the program exits.

Referring to Figure 3b, if processing continues, the next branch point is whether the flag is not set but the message has already been decrypted. If so, the user is asked to decide whether a reply is wanted. If no reply is wanted, the flag is cleared; if a reply is wanted, the flag is set.

The next branch point tests the flag. If it is set, the key is verified; if it is not, the message is decrypted and the program exits. The key is verified and, if correct, the next check is performed; if the key is incorrect, the program exits. The next step checks the reply file name: if it has not yet been set, the name is obtained from the user; if it has been set, the program checks whether the file can be used.

The process continues with reference to Figure 3c. A name for the reply output file is created and the user is asked whether the created name is acceptable. If not, an acceptable file name is obtained. If it is acceptable, it must be determined whether the file can be created; if it cannot, the program exits. If it can, the files are encrypted, the "envelope" and the header of the data file are written, and a message is displayed indicating that the process is complete.

Turning now to Figure 3d, processing at the source of the original message upon receipt of the reply is examined. Because the original operating program is at this source, the reply can be opened and read immediately. The header identification is recorded and the password or passphrase is supplied. The encryption key is derived from the password or passphrase, and a file name for the decrypted output file is supplied. If the key used is incorrect, the program exits. If it is correct, the data file is decrypted and verified as correct and undamaged. If it is not, an error message is displayed and the program exits; if it is, the program exits without an error message.

Another embodiment of the invention is illustrated in the flowchart of Figure 4, comprising Figures 4a and 4b. This embodiment describes a simplified procedure for secure billing and payment. A bill is supplied to a software program which compresses it, encrypts it, and creates a secure "envelope". An e-mail message containing the encrypted bill is created, and the e-mail server then sends the bill across the global computer network sometimes called the Internet.

Turning now to Figure 4b, the message containing the bill is received and the attachment is opened. Using the global computer network, a browser is launched to retrieve the decryption program from a web site specifically authorized to provide this service. Once obtained, the decryption program is run.

The recipient is prompted for a personal identification number ("PIN") or a password or passphrase, and its validity is checked. If it is invalid, a message to that effect is printed and the program closes. If it is valid, the program decrypts the message and sends an acknowledgment to the sender across the global network. The bill is then displayed in the browser window and a connection to the billing web site is arranged. At this point a payment authorization can be sent, or the billing site can offer other bill-payment options. The billing site may be an intermediate service provider or a financial institution, which can be authorized to pay all or part of the bill or otherwise assume responsibility for payment.
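The message and reply flow described for Figures 2 and 3 above, together with the passphrase check of Figure 4b, as an added worked example. This is not code from the patent or from MicroVault, and the patent specifies none of the following, so all of it is assumed: the header layout, PBKDF2 for the key derived from the passphrase, an HMAC-SHA256 counter-mode keystream standing in for a real cipher (the Python standard library has no AES; a production envelope would use AES-GCM or ChaCha20-Poly1305), an encrypt-then-MAC tag over header and ciphertext, the reply flag in the header, and the binding of a reply to the tag of the envelope it answers. With this layout the "key verification" and "integrity check" of Figure 3 are one step that runs before any byte is decrypted, and the passphrase itself is never written into the envelope; only a random salt is, so the secret cannot be lifted from the attachment.

```python
# Added example, not code from the patent or from MicroVault. Header layout,
# key derivation, cipher stand-in, reply flag and parent-tag binding are all
# assumptions made for illustration.
from __future__ import annotations

import hashlib
import hmac
import os
import struct
import zlib

MAGIC = b"ENV1"
FLAG_REPLY = 0x01                # header flag: this envelope is a reply, no program inside
KDF_ITERS = 100_000
HDR_LEN = 4 + 1 + 16 + 16 + 32   # magic, flags, salt, nonce, parent tag
TAG_LEN = 32


def derive_keys(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Passphrase -> (encryption key, MAC key). Only the random salt is stored."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERS, dklen=64)
    return km[:32], km[32:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; XOR is its own inverse.
    Toy stand-in for a block cipher (the stdlib has no AES)."""
    out = bytearray()
    for blk, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + struct.pack(">Q", blk), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def seal(files: dict[str, bytes], passphrase: str, flags: int = 0,
         parent_tag: bytes = bytes(TAG_LEN)) -> bytes:
    """Compress each file, encrypt the bundle, then MAC header + ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    ek, mk = derive_keys(passphrase, salt)
    body = struct.pack(">I", len(files))
    for name, data in files.items():
        comp, nb = zlib.compress(data), name.encode()
        body += struct.pack(">H", len(nb)) + nb + struct.pack(">I", len(comp)) + comp
    header = MAGIC + bytes([flags]) + salt + nonce + parent_tag
    ct = keystream_xor(ek, nonce, body)
    tag = hmac.new(mk, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def open_envelope(blob: bytes, passphrase: str) -> tuple[int, bytes, dict[str, bytes]]:
    """Verify the tag under the passphrase-derived key, then decrypt and inflate.
    Returns (flags, parent_tag, files). A wrong passphrase and a tampered or
    corrupted envelope both fail here, before a single byte is decrypted."""
    if len(blob) < HDR_LEN + TAG_LEN or blob[:4] != MAGIC:
        raise ValueError("not an envelope")
    header, ct, tag = blob[:HDR_LEN], blob[HDR_LEN:-TAG_LEN], blob[-TAG_LEN:]
    flags, salt, nonce, parent = header[4], header[5:21], header[21:37], header[37:]
    ek, mk = derive_keys(passphrase, salt)
    expect = hmac.new(mk, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong passphrase or corrupted envelope")
    body = keystream_xor(ek, nonce, ct)
    (count,) = struct.unpack(">I", body[:4])
    pos, files = 4, {}
    for _ in range(count):
        (nlen,) = struct.unpack(">H", body[pos:pos + 2])
        name = body[pos + 2:pos + 2 + nlen].decode()
        pos += 2 + nlen
        (clen,) = struct.unpack(">I", body[pos:pos + 4])
        files[name] = zlib.decompress(body[pos + 4:pos + 4 + clen])
        pos += 4 + clen
    return flags, parent, files


def make_reply(original: bytes, passphrase: str, files: dict[str, bytes]) -> bytes:
    """Recipient side (Figures 3a to 3c): a reply can only be built once the
    original opens under the passphrase; the reply records the original's tag."""
    flags, _, _ = open_envelope(original, passphrase)   # raises if not decryptable
    if flags & FLAG_REPLY:
        raise ValueError("cannot reply to a reply")      # assumed policy
    return seal(files, passphrase, FLAG_REPLY, parent_tag=original[-TAG_LEN:])


def open_reply(reply: bytes, original: bytes, passphrase: str) -> dict[str, bytes]:
    """Sender side (Figure 3d): accept only a flagged reply bound to an envelope
    this sender actually issued."""
    flags, parent, files = open_envelope(reply, passphrase)
    if not flags & FLAG_REPLY or not hmac.compare_digest(parent, original[-TAG_LEN:]):
        raise ValueError("not a reply to this envelope")
    return files


if __name__ == "__main__":
    # Constructed sample input, not taken from the patent.
    pw = "correct horse battery"
    msg = seal({"invoice.txt": b"Amount due: 42.00\n" * 20}, pw)
    print(open_envelope(msg, pw)[2]["invoice.txt"][:17])
    rep = make_reply(msg, pw, {"ack.txt": b"paid"})
    print(open_reply(rep, msg, pw))
```

open_envelope fails closed: a wrong passphrase and a tampered or truncated envelope are indistinguishable to the caller, which matches the Figure 3 flow of exiting on an incorrect key before any output file is written. open_reply adds the check the sender-side flow in Figure 3d needs if the "header identification" it records is to mean anything: the reply must carry the tag of an envelope this sender issued, so a reply to someone else's message, or a fresh message the recipient built with the returned program, is rejected.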

In the system thus described, secure messages can be sent and secure replies created by the recipient without any special software program having to be installed on the recipient's computer. The secure message includes a program which, when executed, can view the received message and prepare a secure reply. However, the recipient cannot use this program to create new secure messages to third parties or to allow third parties to create secure replies.

The system of the invention lends itself to the secure exchange of data and to secure financial processing in providing billing and payment. In one embodiment, any communication means may be used, including but not limited to delivery on portable media. In another embodiment, the transmitted program may be abbreviated so that a link is created over the global computer network which provides the software needed to decrypt the message and create a secure reply. In addition, a separate link may be created to a secure financial-services web site which can control the financial processing on the basis of the submitted secure bill.

The scope of the invention should be limited only by the scope of the appended claims.

Claims (39)

1. A method for the secure transmission of files, comprising the steps of: at a sending location, using a secure program to create an encrypted file that includes an executable program and a file; sending said encrypted file to a remote recipient; receiving said encrypted file at a location lacking said secure program; at the receiving location, executing the received executable program; and decrypting the received file with the received program.

2. The method of claim 1, further comprising the step of: including a passphrase as part of said executable program to prevent unauthorized decryption of the received encrypted file.

3. The method of claim 2, further comprising using said passphrase in the encryption algorithm used to create said encrypted file.

4. The method of claim 1, wherein said executable program includes, as a step at run time, a verification step for confirming the integrity of the received file.

5. The method of claim 1, wherein the creating step includes a step of compressing the file before the file is encrypted.

6. The method of claim 1, further comprising a secure-reply option step, which further comprises the steps of: providing in said executable program an option for a secure reply; selecting the secure-reply option at said receiving end; using said received executable program to create a secure reply file similar to that created by the secure program at the sending end; transmitting said secure reply file from said remote location to said sending location; and using said secure program at said sending location to decrypt said secure reply file; whereby a receiving location lacking the secure program is able to receive secure messages and send secure replies.

7. The method of claim 6, further comprising the step of including a passphrase in the creation of said secure file, wherein said received executable program requests said passphrase for execution of said transmitted program.

8. The method of claim 6, further comprising the step of verifying the integrity of said secure reply file at said sending location.

9. Apparatus for the secure transmission of files, comprising: creating means at a sending location, including a secure program, for creating an encrypted file that integrates an executable program with a file; means for transmitting said encrypted file to a remote recipient; means for receiving said encrypted file at a location lacking said secure program; means for executing the received executable program at the receiving location; and means for decrypting the received file in response to execution of said executable program.

10. The apparatus of claim 9, further comprising: means for including a passphrase as part of said executable program to prevent unauthorized decryption of the received encrypted file.

11. The apparatus of claim 10, wherein said creating means includes said passphrase in the encryption algorithm used to create said encrypted file.

12. The apparatus of claim 9, wherein said means for executing includes verification means for confirming the integrity of the received file.

13. The apparatus of claim 9, wherein said creating means includes compression means for compressing the file before the file is encrypted.

14. The apparatus of claim 9, further comprising means for creating a secure reply, comprising: selection means for selecting a secure reply in said executable program; means for creating a secure reply at said receiving end, including means responsive to the received executable program for creating a secure reply file similar to that created by the secure program at the sending end; means at said remote location for transmitting said secure reply file from said remote location to said sending location; and means for executing said secure program at said sending location to decrypt said secure reply file; whereby a receiving location lacking the secure program is able to receive secure messages and send secure replies.

15. The apparatus of claim 14, further comprising means for including a passphrase in the creation of said secure file, wherein the received executable program is responsive to said passphrase for execution of said transmitted program.

16. The apparatus of claim 14, wherein said means for executing includes means for verifying the integrity of said secure reply file at said sending location.

17. A method for the secure transmission of files, comprising the steps of: at a sending location, using a secure program to create an encrypted file that includes an executable program and a file; transmitting said encrypted file to a remote recipient; receiving said encrypted file at a location lacking said secure program; at the receiving location, executing the received executable program; connecting to a predetermined web site on a global computer network; retrieving from said predetermined web site an appropriate executable program for decrypting the received encrypted file; and decrypting the received file using the retrieved program.

18. The method of claim 17, further comprising the step of: including a passphrase as part of said executable program to enable said predetermined web site to download said appropriate executable program, thereby preventing unauthorized decryption of the received encrypted file.

19. The method of claim 18, further comprising using said passphrase in the encryption algorithm used to create said encrypted file.

20. The method of claim 17, wherein said appropriate executable program includes, as a step at execution time, a verification step for confirming the integrity of the received file.

21. The method of claim 17, wherein the creating step includes a step of compressing the file before the file is encrypted.

22. The method of claim 17, further comprising a secure-reply option step, which comprises the steps of: providing in said appropriate executable program an option for a secure reply; selecting the secure-reply option at said receiving end; using the received appropriate executable program to create a secure reply file similar to that originally created by the secure program at the sending end; transmitting said secure reply file from said remote location to said sending location; and using said secure program at said sending location to decrypt said secure reply file; whereby a receiving location lacking the secure program is able to receive secure messages and send secure replies.

23. The method of claim 22, further comprising the step of including a passphrase in the creation of said secure file, wherein said received executable program requests said passphrase for retrieval of said appropriate executable program.

24. The method of claim 22, further comprising the step of verifying the integrity of said secure reply file at said sending location.

25. Apparatus for the secure transmission of files, comprising: creating means at a sending location, including a secure program, for creating an encrypted file that integrates an executable program with a file; means for transmitting said encrypted file to a remote recipient; means for receiving said encrypted file at a location lacking said secure program; means for executing the received executable program at the receiving location; and means, responsive to execution of said executable program, for connecting to a predetermined web site on a global computer network to retrieve an appropriate executable program for decrypting said received file.

26. The apparatus of claim 25, further comprising: means for including a passphrase as part of said executable program, capable of communicating with said predetermined web site to authorize download of said appropriate executable program and to prevent unauthorized decryption of the received encrypted file.

27. The apparatus of claim 26, wherein said creating means includes said passphrase in the encryption algorithm used when said encrypted file is created.

28. The apparatus of claim 25, further comprising means for running said appropriate executable program, wherein said means for running includes verification means for confirming the integrity of the received file.

29. The apparatus of claim 25, wherein said creating means includes compression means for compressing the file before the file is encrypted.

30. The apparatus of claim 25, further comprising means for creating a secure reply, comprising: selection means for selecting a secure reply in said appropriate executable program; means for creating a secure reply at said receiving end, including means responsive to the received appropriate executable program for creating a secure reply file similar to that created by the secure program at the sending end; means at said remote location for transmitting said secure reply file from said remote location to said sending location; and means for executing said secure program at said sending location to decrypt said secure reply file; whereby a receiving location lacking the secure program is able to receive secure messages and send secure replies.

31. The apparatus of claim 30, further comprising means for including a passphrase in the creation of said secure file, wherein the received executable program downloads said appropriate executable program in response to said passphrase.

32. The apparatus of claim 30, including means for executing said appropriate executable program, said appropriate executable program including means for verifying the integrity of said secure reply file at said sending location.

33. The method of claim 17, further comprising a reply option step, which comprises the steps of: providing in said executable program an option for a reply; selecting the reply option at said receiving end; using the received appropriate executable program to connect to a second predetermined site on the global computer network; and instructing said second site to perform a selected action; whereby a receiving location lacking the secure program is able to receive secure messages and send instructions to a selected site on the global computer network.

34. The method of claim 33, further comprising the step of including a passphrase in the creation of said secure file, wherein the received executable program requests said passphrase for retrieval of said appropriate executable program.

35. The method of claim 33, further comprising the step of sending an acknowledgment of receipt to said sending location.

36. The method of claim 33, further comprising the step of directing the selected second site on the global computer network to send a confirmation message to said sending location.

37. The apparatus of claim 25, further comprising means for creating a reply, comprising: communication means for connecting to a second predetermined site on the global communication network using said appropriate executable program; and means at said remote location for transmitting predetermined instructions to said second site on the global computer network.

38. The apparatus of claim 37, further comprising means for transmitting an acknowledgment of receipt to said sending location.

39. The apparatus of claim 37, further comprising means for directing said second site on the global computer network to send an acknowledgment of receipt to said sending site.
CN00800735.7A 1999-03-22 2000-03-22 Security method and apparatus for a secure data transmission system Pending CN1304610A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12543799P 1999-03-22 1999-03-22
US60/125,437 1999-03-22

Publications (1)

Publication Number Publication Date
CN1304610A true CN1304610A (en) 2001-07-18

Family

ID=22419718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN00800735.7A Pending CN1304610A (en) 1999-03-22 2000-03-22 Security method and apparatus for a secure data transmission system

Country Status (7)

Country Link
EP (1) EP1088433A1 (en)
JP (1) JP2002540679A (en)
CN (1) CN1304610A (en)
AU (1) AU4019900A (en)
BR (1) BR0005457A (en)
DE (1) DE10080963T1 (en)
WO (1) WO2000057613A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104285406A (en) * 2012-05-16 2015-01-14 英特尔公司 A system for securing and authenticating location-based services using distributed security

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7392388B2 (en) 2000-09-07 2008-06-24 Swivel Secure Limited Systems and methods for identity verification for secure transactions
WO2002045378A2 (en) * 2000-11-28 2002-06-06 Swivel Technologies Limited Secure file transfer method and system
JP2002175447A (en) * 2000-12-08 2002-06-21 Tetsuo Kusumoto Design ordering and collecting method
GB0106082D0 (en) 2001-03-13 2001-05-02 Mat & Separations Tech Int Ltd Method and equipment for removing volatile compounds from air
GB2377774A (en) * 2001-07-17 2003-01-22 Tornado Entertainment Ltd Data distrubution system
JP3524901B2 (en) * 2001-12-03 2004-05-10 おべ工業株式会社 Pit cover opening and closing device for moving objects
GB0205045D0 (en) * 2002-03-05 2002-04-17 Bitarts Ltd Software protection arrangement
US8010405B1 (en) 2002-07-26 2011-08-30 Visa Usa Inc. Multi-application smart card device software solution for smart cardholder reward selection and redemption
US9852437B2 (en) 2002-09-13 2017-12-26 Visa U.S.A. Inc. Opt-in/opt-out in loyalty system
US8626577B2 (en) 2002-09-13 2014-01-07 Visa U.S.A Network centric loyalty system
US7121456B2 (en) 2002-09-13 2006-10-17 Visa U.S.A. Inc. Method and system for managing token image replacement
US8015060B2 (en) 2002-09-13 2011-09-06 Visa Usa, Inc. Method and system for managing limited use coupon and coupon prioritization
US6920611B1 (en) 2002-11-25 2005-07-19 Visa U.S.A., Inc. Method and system for implementing a loyalty merchant component
US7827077B2 (en) 2003-05-02 2010-11-02 Visa U.S.A. Inc. Method and apparatus for management of electronic receipts on portable devices
US8554610B1 (en) 2003-08-29 2013-10-08 Visa U.S.A. Inc. Method and system for providing reward status
US7104446B2 (en) 2003-09-03 2006-09-12 Visa U.S.A., Inc. Method, system and portable consumer device using wildcard values
US7051923B2 (en) 2003-09-12 2006-05-30 Visa U.S.A., Inc. Method and system for providing interactive cardholder rewards image replacement
US8005763B2 (en) 2003-09-30 2011-08-23 Visa U.S.A. Inc. Method and system for providing a distributed adaptive rules based dynamic pricing system
US8407083B2 (en) 2003-09-30 2013-03-26 Visa U.S.A., Inc. Method and system for managing reward reversal after posting
US7653602B2 (en) 2003-11-06 2010-01-26 Visa U.S.A. Inc. Centralized electronic commerce card transactions
WO2006000653A1 (en) * 2004-05-26 2006-01-05 France Telecom Method and platform for manipulating secured data
DE102005028066B3 (en) 2005-06-16 2006-12-07 Deutsche Exide Gmbh Pole bridge for a battery
US7992781B2 (en) 2009-12-16 2011-08-09 Visa International Service Association Merchant alerts incorporating receipt data
US8429048B2 (en) 2009-12-28 2013-04-23 Visa International Service Association System and method for processing payment transaction receipts

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2143874C (en) * 1994-04-25 2000-06-20 Thomas Edward Cooper Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5805702A (en) * 1995-09-29 1998-09-08 Dallas Semiconductor Corporation Method, apparatus, and system for transferring units of value

Also Published As

Publication number Publication date
JP2002540679A (en) 2002-11-26
WO2000057613A1 (en) 2000-09-28
DE10080963T1 (en) 2002-07-25
BR0005457A (en) 2001-01-30
AU4019900A (en) 2000-10-09
EP1088433A1 (en) 2001-04-04

Similar Documents

Publication Publication Date Title
CN1304610A (en) Security method and apparatus for a secure data transmission system
US7596689B2 (en) Secure and reliable document delivery using routing lists
US7360079B2 (en) System and method for processing digital documents utilizing secure communications over a network
JP5313311B2 (en) Secure message system with remote decryption service
US20070118735A1 (en) Systems and methods for trusted information exchange
US7644268B2 (en) Automated electronic messaging encryption system
KR101143770B1 (en) A method of encrypting and transferring data between a sender and a receiver using a network
US20020172367A1 (en) System for secure electronic information transmission
US20050138360A1 (en) Encryption/decryption pay per use web service
US20050102499A1 (en) Apparatus for proving original document of electronic mail
JPH09162860A (en) Method and system for providing safe edi across open network
CN1697367A (en) A method and system for recovering password protected private data via a communication network without exposing the private data
US7660987B2 (en) Method of establishing a secure e-mail transmission link
US20080235175A1 (en) Secure Document Management System
JP2009510628A (en) Processing of protective electronic communication
US20080235236A1 (en) Secure Document Management System
CA2554847C (en) System and method for secure electronic data delivery
WO2000046952A1 (en) Method for sending secure email via standard browser
US20080235394A1 (en) Secure Document Management System
CN118611920A (en) Electronic tender document processing method, device, electronic device and storage medium
EP1532505A2 (en) Ensuring policy enforcement before allowing usage of private key
US20040143740A1 (en) Method of using hardware-type electronic signature in e-mail handling system
EP1300980A1 (en) Process for providing non repudiation of receipt (NRR) in an electronic transaction environment
JP2003309557A (en) Electronic signature method
Carden Public Key Infrastructure for Messaging Security.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication