
HK1040561A1 - Systems and methods for securing electronic message - Google Patents

Info

Publication number
HK1040561A1
Authority
HK
Hong Kong
Prior art keywords
electronic message
policies
computer
electronic
policy
Prior art date
Application number
HK02102060.9A
Other languages
Chinese (zh)
Inventor
史蒂文T‧塞纳特
史蒂文T‧塞納特
约翰‧布卢门撒尔
M‧杰弗‧马利根
約翰‧布盧門撒爾
格雷戈里A‧弗拉斯卡多雷
M‧杰弗‧馬利根
Original Assignee
机密保护公司
Priority date
Filing date
Publication date
Application filed by 机密保护公司 filed Critical 机密保护公司
Priority claimed from PCT/US1999/017786 external-priority patent/WO2000008794A2/en
Publication of HK1040561A1 publication Critical patent/HK1040561A1/en

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

Systems and methods are provided for permitting a sender to control access to an electronic message. The sender selects one or more policies (202) which are packaged (220) with the electronic message (204) to form an object (222). The policies are implemented as computer-executable instructions capable of execution on a remote computer. The recipient can only access the electronic message as dictated by the policies which are in the object. Unauthorized use of the electronic message is substantially prevented and the electronic message remains in the control of the sender.

Description

System and method for electronic message security
This application claims the benefit of U.S. patent application 09/129,467, filed on 8/4/1998, which is hereby incorporated by reference herein.
The present invention relates to electronic messaging. More particularly, the present invention relates to rendering electronic messages in a controlled form.
Electronic mail, or email, is an electronic message that involves the transmission of a message over a communication network, which may be the internet, a Local Area Network (LAN), a Wide Area Network (WAN), or other network. In today's world, anyone with a computer can use email or an email system. Because email is fast, flexible, and reliable, businesses have begun to rely on email as a method of inter-office communication, and fully networked companies have expanded the use of email.
As the use of e-mail has grown explosively in recent years, the capabilities and features of e-mail systems and programs have improved. For example, virtually all email programs allow users to attach files to text messages. The attachments may be photos, video clips, audio clips, or other data. The user can send almost any file by email. One e-mail can be sent to a plurality of recipients simultaneously without retyping the message text. The e-mail may be stored as a text file on the recipient's computer, forwarded to a different user, or printed.
The email system may also improve the appearance of text in the email. The user may select the color and font of the text to improve the visual effect of the email text. Other email applications notify users when the recipient receives the email and when the email is opened. Other additional functions of the email system include an address book and a scheduling application. The address book allows the user to store the email address and personal information of the recipient. In summary, email applications are becoming not only more sophisticated, but also more indispensable.
Currently, there are two main email applications or systems: client-based email systems and browser-based email systems. Client-based email systems involve client applications stored at each client. The application program typically provides at least a means for the user to compose and send an email. The server receives the composed emails and forwards them to the recipient. Browser-based email systems also provide users with a means to compose emails, but because email applications are available using an internet browser, each user or client does not have a separate application.
Many private email systems provide users with additional tools that cannot be used outside of a local area network. For example, in a dedicated email system, a sender may recall an email if the email has not yet reached the recipient. However, only clients using a particular server or members within a particular private email system may use the additional tools. Neither browser-based email systems nor client-based email systems can revoke emails that have left the local mail server. Once the email enters the internet, the recipient can receive and read the email. In some instances, the email may be read by an undesired recipient. It would be advantageous to provide a tool that is effective in any system.
Instant messaging is another example of sending an electronic message to a recipient. Typically, a portal provides such services to users connected to the portal by having the user select or create a list of people with whom instant messaging is desired. When a person on the list logs into the portal, the creator of the list is notified. The creator can then send the message and the recipient immediately receives the message. In many cases, instant messaging is like a chat room, where all users can see messages of other users. However, instant messaging is typically limited to known groups of users all located on a certain list.
Other methods of sending the electronic message are also possible. Currently, fax, printing, and other services are available over the internet. A common factor involved in faxes, emails, instant messaging, and other services is data or information. The fundamental problem is that information is valuable and as the use of electronic messages in personal and business applications becomes more and more common, there is a need to protect such data.
In many instances, the sender only wishes to maintain control over the information within the electronic message. Sending an electronic message can cause the sender to lose this control. For example, many companies or businesses search various publications and databases for consideration. These companies generate reports on their clients' search requests. In many instances, there is sensitive content in the report. For example, the report may contain an analysis of whether a hostile takeover is feasible. The reports of these companies are valuable not only to the customers, but also to the companies. With today's technology, reports can be sent electronically to customers. However, if the information in the report is discovered by an unauthorized party, harm is done to both parties. In fact, many companies do not transmit sensitive data electronically for fear that the information will become available to unauthorized persons.
In addition, information within the electronic message may be revealed intentionally or unintentionally. For example, the user may accidentally hit the forward key of an email application instead of the reply key. The result of such an error is that the message will be addressed or sent to the wrong recipient. In other instances, transmissions on the internet may be monitored and intercepted to determine the content of the transmission. If sensitive information is sent, the information may be intercepted and abused. Paper documents present the same danger, but copying a report and mailing it to an unauthorized person is much more complicated than simply clicking on the forward key on an email application.
However, while electronic messaging provides desirable advantages, there are corresponding disadvantages. Because information can be sent electronically and because information can be discovered intentionally and inadvertently by unauthorized persons, there is a need to protect the information or reduce the risk of unauthorized use of the data. It would be an advance in the art to provide risk management for electronic messages.
It is therefore an object of one embodiment of the present invention to provide privacy of the contents of an electronic message.
It is another object of an embodiment of the present invention to provide risk management for electronic messages.
It is a further object of an embodiment of the invention to prevent unauthorized use of electronic messages.
An additional object of one embodiment of the present invention is to select a policy for electronic messages.
It is a further object of an embodiment of the present invention to integrate policies that control access to electronic messages with electronic messages.
It is a further object of an embodiment of the present invention to create an electronic message with a self-enforcing policy.
It is another object of an embodiment of the present invention to restrict access to electronic messages.
In one embodiment, risk management of electronic messages requires monitoring or limiting access to the electronic messages. This is difficult to achieve since once an electronic message is sent to a recipient it is no longer under the control of the sender. The system and method provided by the invention can control the recipient's access to the electronic message.
To enable the sender to control access to the electronic message, the sender selects a policy to be enforced on the electronic message. Typically, policies relate to the use and access of electronic messages, but may also serve other functions. For example, the user may select a policy that prevents recipients from printing the electronic message, or the user may select a policy that prevents the electronic message from being forwarded to other users. Other functions include automatically forwarding the message to another user after the recipient opens the message. In summary, the policy has multiple uses for the sender.
After the sender selects the policy, the policy is combined with the electronic message. The policy is then encapsulated with the electronic message to form an object. In one embodiment, the policy is represented by computer-executable instructions and may be executed on a remote machine. An example of such computer-executable instructions is JAVA. This embodiment allows the object to enforce the policy selected by the sender on the recipient.
There are a number of ways in which the invention may be configured. For example, one embodiment utilizes a remote resource to store the policy that the sender combines with the electronic message. In this embodiment, the encapsulated object includes a Uniform Resource Identifier (URI) related to a remote policy that must be accessed before the recipient is authorized to access the electronic message. The object may enforce a policy that is stored at a location remote from both the sender and the recipient.
In another embodiment, the policy may be encoded as instructions representative of the policy and stored to a remote location. The URI may locate the remote location, or the remote location is the recipient's computer or other rendering device. In other words, the recipient has computer-executable instructions that can decipher the encoded policy.
The present invention may be implemented in both client-based and browser-based systems. In the case where hypertext markup language (HTML) rendering is not supported within the received email body, the object will arrive as an attachment. In one embodiment, the recipient is required to have a Java virtual machine before enforcing the policies in conjunction with the electronic message.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and advantages of the invention may be realized and attained by methods and systems particularly pointed out in the appended claims. These and other objects and features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.
In order to describe the manner in which the above-recited and other advantages and objects of the invention are obtained, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings, in which:
FIG. 1 illustrates an exemplary system for implementing the present invention.
FIG. 2 illustrates a block diagram of an object including data encapsulated with one or more policies.
FIG. 3 sets forth a block diagram illustrating an exemplary method for creating a self-executing object.
FIG. 4 shows a block diagram of a network implementing the system and method of the present invention.
Information is transferred from one entity to another using electronic messages. As used herein, electronic messages include e-mail, instant messaging, facsimile, video files, audio files, graphics, text, documents, electronic data reports, databases, and other data and information. The main problem with electronic messages is controlling the transmission of electronic messages from a sender to a recipient. In many instances, the sender wishes to maintain control over the electronic message. This is desirable for confidential or sensitive information and data that is copyrighted or legally protected.
Electronic messages allow a sender to quickly send information to a recipient, but as noted above, there is some risk of doing so. The protection afforded to the electronic message by the sender may vary. In any case, security is not absolute. The present invention provides a system and method for preventing unauthorized use of electronic messages.
In a preferred embodiment of the present invention, the sender creates or prepares the electronic message using a client-based application or a browser-based application. Policies are available to the sender, who may select one or more of them to integrate with the electronic message. An encapsulator is provided for encapsulating the electronic message and the selected policy into an object. Policies associated with the electronic message may be implemented, or enforced, on the recipient computer or other rendering device and allow the sender of the electronic message to maintain control of the electronic message within the object. In effect, the use of the electronic message is limited by its sender. In this way, the risk of unauthorized use of the electronic message is reduced and the content of the electronic message is kept secret or protected.
The invention is illustrated using a simplified diagram and a flow chart. The description of the invention in this manner using diagrams and flowcharts is not to be considered as limiting the scope of the invention. Embodiments of the present invention may comprise a special purpose or general-purpose computer including various computer hardware.
Embodiments within the scope of the present invention also include computer-readable media on which computer-executable instructions or data structures may be stored. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, such computer-readable media may comprise: RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired executable instructions or data structures and which can be accessed by a general purpose or special purpose computer. When information is transferred or provided over a network or another communications connection to a computer, the computer properly views the connection as a computer-readable medium. Thus, such a connection is also properly termed a computer-readable medium. Combinations of the above may also be included within the scope of computer-readable media. For example, computer-executable instructions comprise instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Computer-executable instructions and associated data structures represent examples of the program code means for executing steps of the present invention disclosed herein.
FIG. 1 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the invention may be implemented. Although not required, the invention is described in the general context of computer-executable instructions, such as program modules, being executed by a personal computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
With reference to FIG. 1, an exemplary system for implementing the invention includes a general purpose computing device 20 in the form of a conventional computer, the general purpose computing device 20 including a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory to the processing unit. The system bus 23 may employ any of several bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes Read Only Memory (ROM) 24 and Random Access Memory (RAM) 25. A basic input/output system (BIOS) 26, containing the basic routines that help to transfer information between elements within the computer 20, such as during start-up, may be stored in ROM 24. The computer 20 may further include: a hard disk drive 27 (not shown) for reading from and writing to a hard disk; a magnetic disk drive 28 for reading from and writing to a removable magnetic disk 29; and an optical disk drive 30 for reading from and writing to a removable optical disk 31 such as a CD-ROM or other optical media. The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical disk drive interface 34, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data for the computer 20.
Although the exemplary embodiment described herein employs a hard disk 27, a removable magnetic disk 29, and a removable optical disk 31, it should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, Random Access Memories (RAMs), Read Only Memories (ROMs), and the like, may also be used in the exemplary operating environment.
A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24 or RAM 25, including an operating system 35, one or more application programs 36, other program modules 37 and program data 38. Using input devices such as a keyboard 40 and pointing device 42, a user may enter commands and information into the computer 20. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to the system bus 23, but may be connected to the processing unit 21 by other interfaces, such as: a parallel port, game port, or a Universal Serial Bus (USB). A monitor 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video card 48. In addition to the monitor, personal computers typically include other peripheral output devices (not shown), such as: speakers and printers.
The computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 49. The remote computer 49 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 20, although only a memory storage device 50 has been illustrated in FIG. 1. The logical connections depicted in FIG. 1 include a Local Area Network (LAN) 51 and a Wide Area Network (WAN) 52, which are presented here by way of example only and not limitation. Such networking environments are commonplace in office enterprise computer networks, intranets and the Internet.
When used in a LAN networking environment, the computer 20 is connected to the local network 51 through a network interface or network adapter 53. When used in a WAN networking environment, the computer 20 typically includes a modem 54 or other means for establishing communications over the wide area network 52, such as the Internet. Further, the computer network may include a wireless network. The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the computer 20, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
FIG. 2 is a block diagram conceptually illustrating data that is restricted from access by a policy. The electronic message 204 may be an email, an instant message, a video clip, an audio file, a document, a file, a Uniform Resource Identifier (URI), or any other type of data to be protected. Policy 202 is used to determine how to use or access electronic message 204. Policies 202 and electronic messages 204 are coupled or encapsulated together to form object 200.
Policy 202 is an important aspect of object 200, as policy 202 defines, in one embodiment, the way electronic message 204 is displayed or rendered, how electronic message 204 is accessed, and the way a user interacts with electronic message 204 or the way electronic message 204 is used by a user. Typical policies that the sender may select for the electronic message 204 include, but are not limited to: indicating whether the recipient is allowed to forward the electronic message 204 to another user; indicating whether the recipient is allowed to copy, paste, or cut the contents of the electronic message 204; indicating whether the recipient is allowed to store the electronic message 204 independent of the policy 202; indicating whether the sender can recall an electronic message 204 that was sent or forwarded to a recipient or other user; and indicating whether the user can print the electronic message 204. Other policies 202 may specify and/or include:
a date until which electronic messages cannot be used; or a date after which the electronic message can no longer be used; or a time window within which the electronic message can be accessed;
the number of times an electronic message can be opened or accessed;
an audit trail that captures data pertaining to the history of use of the electronic message and stores them in a file or sends them to another entity, which may be the sender of the electronic message;
presentation of a condition that a recipient must accept before accessing or opening an electronic message; a record of whether the recipient accepted or rejected the condition; and notification of a party (e.g., the sender) that the condition has been accepted or rejected;
the number of times an electronic message can be accessed, opened, or read, may be one;
a record of the recipient's use of the electronic message may be established and sent or forwarded to another party (which may be the sender);
only a prescribed number or more of electronic messages can be accessed or opened;
only the first N copies of the electronic message may be opened or accessed;
the recipient must select the password or passcode required to continuously attempt to open the electronic message;
only one copy of the electronic message can be accessed or read forever, and which copy of the electronic message can be opened is determined according to the sequence of opening the copy or other conditions;
electronic messages require the occurrence of another condition and the condition may be provided by an external source;
a license utilizing a public key system, a symmetric key system, a password, a biometric feature, a corporate badge, a smart card, JavaRing, or other form of personal or group license;
as in the delivery list, a particular recipient can only access or read electronic messages in a specified order;
print screen functionality or other storage capture methods are not able to capture electronic messages; and
when another person logs in and views an audit record, etc., the message may be read or accessed only under specified environmental conditions (e.g., date, address attempting to access the electronic message).
Other policies may also be implemented and all policies may be combined in complex relationships.
Clearly, many policies may be implemented and enforced for electronic messages.
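As an added illustration (not code from the patent), the sketch below evaluates a few of the policies listed above (validity window, open count, print and forward permission, recall, audit trail) against an encapsulated message. The class and field names are assumptions, and the policy is modelled as data checked by a trusted renderer rather than as a Java applet.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """Sender-selected restrictions. Field names are assumptions for this sketch."""
    not_before: Optional[datetime] = None  # date until which the message cannot be used
    not_after: Optional[datetime] = None   # date after which it can no longer be used
    max_opens: Optional[int] = None        # number of times the message can be opened
    allow_print: bool = True
    allow_forward: bool = True


@dataclass
class MessageObject:
    """Policy and message packaged together, like object 200 in FIG. 2."""
    policy: Policy
    body: str
    opens: int = 0
    recalled: bool = False
    # Audit trail: (timestamp, who, action, outcome) for every request, allowed or not.
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def _decide(self, action: str, now: datetime) -> Tuple[bool, str]:
        p = self.policy
        # Checks that apply to every action come first.
        if self.recalled:
            return False, "recalled by sender"
        if p.not_before is not None and now < p.not_before:
            return False, "not yet valid"
        if p.not_after is not None and now > p.not_after:
            return False, "expired"
        # Action-specific checks.
        if action == "open":
            if p.max_opens is not None and self.opens >= p.max_opens:
                return False, "open limit reached"
            return True, "ok"
        if action == "print":
            return (True, "ok") if p.allow_print else (False, "printing not permitted")
        if action == "forward":
            return (True, "ok") if p.allow_forward else (False, "forwarding not permitted")
        return False, "unknown action"  # default deny for anything not modelled

    def access(self, who: str, action: str, now: datetime) -> Tuple[bool, str, Optional[str]]:
        """Evaluate one request; the body is released only on an allowed 'open'."""
        allowed, reason = self._decide(action, now)
        if allowed and action == "open":
            self.opens += 1
        self.audit.append((now.isoformat(), who, action, reason))
        body = self.body if allowed and action == "open" else None
        return allowed, reason, body


def demo():
    """Run a constructed sequence of requests and return the outcomes and the object."""
    utc = timezone.utc
    policy = Policy(
        not_before=datetime(1999, 1, 1, tzinfo=utc),
        not_after=datetime(1999, 2, 1, tzinfo=utc),
        max_opens=2,
        allow_print=False,
    )
    obj = MessageObject(policy, "Quarterly report (constructed sample text)")
    who = "recipient@example.org"  # constructed address
    inside = datetime(1999, 1, 15, tzinfo=utc)
    steps = [
        ("open", datetime(1998, 12, 31, tzinfo=utc)),  # before the window
        ("open", inside),
        ("print", inside),
        ("open", inside),
        ("open", inside),                              # third open exceeds max_opens
        ("forward", inside),
        ("open", datetime(1999, 3, 1, tzinfo=utc)),    # after the window
    ]
    outcomes = [obj.access(who, action, when)[1] for action, when in steps]
    obj.recalled = True                                # sender recalls the message
    outcomes.append(obj.access(who, "open", inside)[1])
    return outcomes, obj


if __name__ == "__main__":
    results, message = demo()
    for entry in message.audit:
        print(entry)
```

Because the open counter and recall flag are stored in the object itself here, a copied object starts with fresh state; counters that must hold across copies need to be kept somewhere the recipient does not control, such as the remote policy source the description mentions.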
In another embodiment, policy 202 may include a URI reference. The URI location, which is remote from the sender and recipient of the electronic message, may contain the actual policies that the sender wishes to enforce. In this example, the policy encapsulated in the object may require consulting the remote resource or location for other policies that affect the recipient's access to the electronic message.
FIG. 3 illustrates a method of forming an object 200. The user introduces or creates an electronic message 204. For example, a user may create an email to be sent to a recipient. In this case, this email may be an electronic message 204. Upon creation of the electronic message 204, the associator 222 associates the sender-selected policy 202 with the electronic message 204. At the associator 222, the policy 202 linked or integrated with the electronic message 204 cannot yet be implemented.
After electronic message 204 is combined with policy 202, encapsulator 220 encapsulates them into object 200. In one embodiment, this may be accomplished by creating a JAVA applet that any recipient with a JAVA virtual machine can execute. In other words, in one embodiment, policy 202 is a computer-executable instruction that may be executed on a remote computer. In another embodiment, the policy encapsulated with the electronic message is coded instructions that may invoke computer-executable instructions that reside in a separate environment or remote environment or at a separate or remote location. For example, the local area network where the recipient is located has the computer-executable instructions needed to execute the coded instructions, the computer-executable instructions being stored on a server accessible by the recipient; or the recipient's computer contains the necessary computer-executable instructions; or the instructions reside in a remote location or environment. In other words, policies encapsulated in objects can be implemented and enforced in a variety of ways.
Once the object 200 is formed, the policy 202 is active and will control the recipient's access to, and use of, the electronic message 204. In this case, the object 200 is self-implementing. In systems having a form of electronic messaging (e.g., email), the sender no longer has physical control over the electronic message after it is sent. Creating an object that includes data and computer-executable instructions can enable a sender of the data to ensure that a recipient uses the data correctly.
In addition to the data 202 encapsulated with the policy 204, the encapsulator 220 or associator 222 can also encrypt the electronic message 204. In one embodiment, encrypting the data 202 may ensure that only the intended recipient has the ability to decrypt the data 202. For example, if the electronic message 204 is encrypted with a key that the particular recipient has, then although the data 202 may be forwarded to another user, it is substantially unusable because it remains encrypted. Encryption is typically performed using methods known in the art. In another embodiment, encryption may ensure that a message is decrypted and viewed only when conditions specified by a policy are met.
FIG. 4 illustrates a block diagram of an exemplary system that may transmit an electronic message. The network 230 is shown with multiple senders 232, encapsulator 220, server 234, and path 236. The sender 232 is intended to represent an electronic message source or other data source. In a preferred embodiment, sender 232 is a computer, as shown in FIG. 1, that can create, send or transmit electronic messages. Server 234 may also be implemented as a computer that can send or forward electronic messages created by sender 232. In a preferred embodiment, server 234 is a mail server or a web server. As described above, the encapsulator 220 creates the object 200.
In a preferred embodiment, the encapsulator 220 can also be a computer and located in a network so that the encapsulator 220 can inspect or monitor all electronic messages. Encapsulator 220 operates on these electronic messages in conjunction with policies to form object 200. Generally, the encapsulator 220 ignores electronic messages that are not associated with a policy.
Upon receipt of the electronic message, server 234 forwards or sends the electronic message to recipient 242. Typically, sender 232 and recipient 242 are connected via a network. In FIG. 4, the internet 238 is the connecting network. The electronic message or object arrives at server 240, at which point recipient 242 is notified that the electronic message has arrived. FIG. 4 illustrates the sending and receiving of electronic messages or objects in a known manner, with the exception that the encapsulator 220 creates self-enforcing objects. In other words, the policy of the sent object defines what the recipient 242 can do with the electronic message within the object, rather than this being defined by the user's particular application.
Upon receiving the object, recipient 242 may only access the data within the object as determined by the policy. In some embodiments, the policy is part of the object. In other embodiments, the policy is directed to a remote location independent of the sender 232. For example, the source 244 located by the URI may contain policies that are enforced for the recipient 242. In this example, an object received by the recipient 242 may cause the source 244 to be accessed to determine the policy to enforce for the recipient 242.
Path 236 represents a path for transmitting an electronic message from the sender 232 to the encapsulator 220. When the electronic message is in path 236, the object has not yet been formed and the electronic message may be discovered by an unauthorized user. To avoid this possibility, a cryptographically secure connection may be used during the transmission of the electronic message.
In another embodiment, path 236 is first connected to an associator as shown in FIG. 3, which is located between the sender 232 and the encapsulator 220. Typically, the functions performed by the associator are independent of the function of the encapsulator, but the associator may perform its function at some point on the sender 232, encapsulator 220, or path 236. In another embodiment, the associator is incorporated with the encapsulator 220, and in another embodiment, as shown in FIG. 3, the associator is separate from the sender 232 and the encapsulator 220. If the associator is implemented on the same machine or computer as the environment in which the electronic message was created, path 236 is eliminated.
Selection of policies
Typically, the policy is selected by the sender of the electronic message, although an entity such as a company may automatically combine the policy with each electronic message that is output. There are at least two different environments for the user to select a policy. The first environment is a client-based environment and the second environment is a browser-based environment.
In a client-based environment, each client typically has a separate application that provides the user with the ability to create and send electronic messages. The mail server receives messages and sends them to recipients. In order for the user to select a policy, a module is integrated into the application that allows the user to select a policy and combine the policy with the electronic message. In one embodiment, this is accomplished by installing the module in each sender's separate application. When a user or sender creates an electronic message, the module allows the sender to select a policy to be combined with the electronic message or data to be sent. Thereafter, the encapsulator creates an object that includes the code needed to enforce the selected policy on the electronic message or data.
In a browser-based environment, applications are typically located on a server computer and users access the applications using a browser. In one embodiment, the policies are made available by changing the options presented to the user on the web page that makes up the user interface. By simply clicking, the user can select the desired policy. The selected policies are then combined with the electronic message or data, and the encapsulator then creates objects capable of enforcing the policies.
In both environments, the user selects which policy to implement for the electronic message. The modules in a client-based environment may be expanded to include other policies or to remove policies from the application. In the same way, policies provided in a browser-based environment may be removed or augmented. The policies can be quickly and conveniently adapted to various environments. Client-based applications typically require a small installation, and the HTML code of a browser-based service can be easily changed at the server so that all users can use the policy. The selection of policies available to the end user or sender may be determined by the initial installation or adjustment described above. It may also be determined by the policy selection and configuration context used by the system administrator for administration.
Policy
User-selected policies are typically used to protect a user's electronic messages or data. For example, the data may be a company's balance sheet that only a certain accountant can view. In other instances, the data is copyrighted and sent to the buyer electronically. In the case of e-mail, the recipient can very simply forward the e-mail to one or more persons. However, it is possible that this is not desired by the sender. Policies are used to prevent this situation, as well as others, where data or electronic messages need to be protected. The protection provided is not absolute in some cases, but generally reduces the risk of unauthorized use of the data.
The first policy is one that prevents the recipient from forwarding the electronic message to a new user, and this policy can be implemented in a variety of ways. In the first method, the electronic message is encrypted with the public key of the recipient. It is assumed that only the recipient has the private key needed to decrypt the message. If the electronic message is forwarded, it is forwarded in encrypted form and the next user cannot decrypt it, since they do not have the private key of the original recipient.
Another approach requires the sender and recipient to agree on a password in a separate transaction (e.g., a telephone call) before the electronic message is sent to the recipient. The policy combined with the electronic message requires the recipient to provide the password before granting the recipient access to the electronic message. This policy may prevent an electronic message from being accessed if the electronic message is forwarded to another user, since the new user typically does not know the password.
A last typical way to prevent an electronic message from being forwarded is to prevent the recipient from using the forwarding mechanism of the application. In some instances, this may be accomplished by hiding the forward button of the recipient's electronic message application. Depending on the required security level, different mechanisms may be employed for preventing the recipient from forwarding the electronic message. Combinations of the above methods may also be used. The various embodiments described above for preventing unauthorized forwarding of electronic messages provide different levels of security for the sender of the electronic message. In some instances, the sender's intent is simply to complicate the process. For example, a professional computer user may still forward an electronic message with the forward button hidden. However, ordinary users cannot forward electronic messages.
Another policy that the user may select is the ability to expire electronic messages. This policy can also be implemented in various ways. In one approach, the encapsulator, accessible by the URI, stores a date or time indicating when the object expires. When the recipient attempts to access the object, the policy of the object checks the current date or time against the date or time stored in the encapsulator. If the electronic message or object has expired, the recipient is denied access. In this embodiment, the data is repeatedly encrypted as an additional precaution. The current date source or time source may be the recipient computer's clock, an external trusted time source, or a combination of these time sources.
Another embodiment stores the expiration date at a remote location that is still accessible using the URI. Before recipient access is allowed, the object checks with the remote location, rather than with the encapsulator, to determine whether the electronic message has expired. Obviously, these methods provide hierarchical security.
Another policy is the ability to revoke electronic messages that have been sent to recipients. In one embodiment, the sender may register with the encapsulator to indicate that the electronic message is to be revoked. Objects sent to a recipient first check with the encapsulator to determine whether the sender has requested that the object be revoked. If the sender has indicated that the object is to be revoked, the policy of the object does not allow the recipient to access the data stored within the object. In this embodiment, this data may be encrypted as a further precaution. The operation of this policy is the same as that of the expiration policy.
Another policy that the user may select is to limit the recipient's ability to cut, copy, or paste the object content. When the recipient selects text to cut or copy, the text is placed in a buffer or memory. In one embodiment, the policy of the object detects when the data text within the object is selected and placed in the buffer. The policy can either replace the data in the buffer with unrelated digital data or simply empty the buffer. This prevents the recipient from cutting, copying, and pasting the contents or text of the electronic message within the object.
The above-described policies are intended to be illustrative of typical policies that may be selected by a sender of an electronic message and are not intended to be limiting. The policies used by the sender may be modified or removed. The sender may also use other policies and may enforce these policies using various methods. In some instances, the policy is directed to risk management of the data, rather than to absolute security thereof. However, the change in the degree of risk to the data may be determined by the selected policy and the policy strength. The electronic message may be combined with more than one policy, and in some instances, the policy to be enforced may be located at a remote location. Policies may be enforced in both a client-based and browser-based environment.
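The following is an added example, not code from the patent: one way a recipient-side renderer could evaluate the password, expiration and revocation policies described above before showing the message. The `PolicyObject` layout, the function names, the rule that the later of the two time sources wins, the fail-closed handling of an unreachable revocation check, and the unencrypted message field are all assumptions; the sample object and its values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc

@dataclass
class PolicyObject:
    """Constructed stand-in for the object: a message plus its policy data."""
    object_id: str
    message: str                          # kept unencrypted in this example
    expires_at: Optional[datetime] = None
    revocable: bool = False
    pw_salt: bytes = b""
    pw_verifier: bytes = b""              # empty means no password policy

def derive_verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def effective_now(local: datetime, trusted: Optional[datetime]) -> datetime:
    # Assumption: when both time sources exist the later one wins, so setting
    # the recipient's clock back cannot un-expire a message.
    return max(local, trusted) if trusted is not None else local

def render(obj, local_now, trusted_now=None, is_revoked=None, password=""):
    """Return (message, reason); message is None when a policy denies access."""
    if obj.pw_verifier:
        candidate = derive_verifier(password, obj.pw_salt)
        if not hmac.compare_digest(candidate, obj.pw_verifier):
            return None, "password required"
    if obj.expires_at and effective_now(local_now, trusted_now) >= obj.expires_at:
        return None, "expired"
    if obj.revocable:
        try:
            revoked = is_revoked(obj.object_id)
        except Exception:                 # unreachable or missing checker
            return None, "revocation status unavailable"   # fail closed
        if revoked:
            return None, "revoked by sender"
    return obj.message, "ok"

SALT = b"constructed-salt"
SAMPLE = PolicyObject("obj-0001", "Q3 balance sheet",
                      expires_at=datetime(2024, 6, 1, tzinfo=UTC), revocable=True,
                      pw_salt=SALT, pw_verifier=derive_verifier("agreed-by-phone", SALT))

def registry_down(object_id):
    raise ConnectionError("revocation registry unreachable")

def demo():
    before = datetime(2024, 5, 1, tzinfo=UTC)
    after = datetime(2024, 7, 1, tzinfo=UTC)
    pw = "agreed-by-phone"
    return [
        render(SAMPLE, before, is_revoked=lambda _: False, password=pw),
        render(SAMPLE, before, is_revoked=lambda _: False, password="guess"),
        render(SAMPLE, before, trusted_now=after, is_revoked=lambda _: False, password=pw),
        render(SAMPLE, before, is_revoked=lambda _: True, password=pw),
        render(SAMPLE, before, is_revoked=registry_down, password=pw),
    ]
```

The third case in `demo()` is the one the choice of time source decides: the recipient clock reads a date before expiry, but the trusted source does not, so access is denied.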
The invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The above-described embodiments are to be considered in all respects as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.

Claims (37)

1. A method for creating a self-enforcing object, the method comprising the steps of:
the sender creates an electronic message;
combining one or more policies with the electronic message; and
the electronic message is encapsulated with one or more policies to form a self-enforcing object.
2. The method of claim 1, wherein the electronic message comprises an email.
3. The method of claim 1, wherein the electronic message comprises an instant message.
4. The method of claim 1, wherein the step of associating one or more policies with the electronic message further comprises the step of selecting one or more policies by a user.
5. The method of claim 1, further comprising the step of encrypting the electronic message.
6. The method of claim 1, wherein the one or more policies comprise computer executable code.
7. The method of claim 1, wherein the one or more policies comprise coded instructions that invoke computer-executable code residing within a remote environment.
8. The method of claim 1, wherein the policy controls access to the electronic message.
9. The method of claim 1, wherein the policy renders the electronic message to a recipient of the electronic message.
10. A computer readable medium having computer readable instructions for performing the steps recited in claim 1.
11. A method for rendering an object having an electronic message to a recipient, the method comprising the steps of:
the receiver receives the object;
executing one or more policies encapsulated in the object with the electronic message; and
the electronic message is rendered to the recipient according to one or more policies.
12. The method of claim 11, wherein one or more policies comprise computer-executable code that can be executed on more than one computer.
13. The method of claim 11, wherein the one or more policies comprise coded instructions that may invoke computer-executable instructions residing in the standalone environment.
14. The method of claim 11, wherein one or more policies control access to electronic messages.
15. The method of claim 11, wherein the step of rendering the electronic message further comprises the step of decrypting the electronic message.
16. The method of claim 11, wherein the one or more policies prevent the electronic message from being forwarded.
17. The method of claim 11 wherein one or more policies may cause a sender to revoke an electronic message.
18. The method of claim 11, wherein the one or more policies prevent electronic messages from being cut.
19. The method of claim 11, wherein the one or more policies prevent the electronic message from being copied.
20. The method of claim 11, wherein the one or more policies prevent the electronic message from being opened.
21. The method of claim 11, wherein one or more policies determine whether an electronic message has expired.
22. The method of claim 11, wherein the one or more policies prevent the electronic message from being printed.
23. The method of claim 11, wherein the one or more policies prevent electronic messages displayed on the display device from being captured by the print screen function.
24. The method of claim 11, wherein the one or more policies comprise a URL.
25. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 11.
26. A method of controlling access to an electronic message by a recipient, the method comprising the steps of:
integrating the electronic message with one or more policies;
encapsulating one or more policies with the electronic message to form an object;
sending the object to a recipient; and
the recipient enforces a policy with the electronic message encapsulation.
27. The method of claim 26, wherein the step of combining electronic messages further comprises the step of creating electronic messages.
28. The method of claim 26, wherein the step of combining the electronic messages further comprises the step of encrypting the electronic messages.
29. The method of claim 26, wherein the step of incorporating the electronic message further comprises the step of encrypting one or more policies incorporated with the electronic message.
30. The method of claim 26, wherein the step of combining electronic messages further comprises the step of selecting one or more policies from a group of policies comprising:
a first policy for controlling whether the electronic message can be forwarded;
a second policy for controlling when the electronic message expires;
a third policy for revoking electronic messages;
a fourth policy for opening electronic messages;
a fifth policy for preventing recipients from cutting electronic messages; and
a sixth policy for preventing the recipient from copying the electronic message.
31. The method of claim 26, wherein the one or more policies comprise computer-executable instructions.
32. The method of claim 26, wherein the one or more policies comprise coded instructions that invoke computer-executable code residing in the stand-alone environment.
33. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 26.
34. A method for encapsulating an electronic message with one or more policies, the method comprising the steps of:
monitoring the network for electronic messages sent by the sender in combination with one or more policies;
creating, on the encapsulator, an object of the electronic message in combination with the one or more policies; and
the object is sent to a recipient specified by the sender.
35. The method of claim 34, wherein the object comprises computer executable code combined with the electronic message, wherein the computer executable code represents the one or more policies.
36. The method of claim 34, wherein the object comprises coded instructions referencing computer-executable code, the computer-executable code being stored to the remote location, wherein the coded instructions represent one or more policies.
37. The method of claim 34, wherein the step of creating an object further comprises the step of encrypting the electronic message.
HK02102060.9A 1998-08-04 1999-08-04 Systems and methods for securing electronic message HK1040561A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US12946798A 1998-08-04 1998-08-04
US09/129,467 1998-08-04
US36844899A 1999-08-04 1999-08-04
US09/368,448 1999-08-04
PCT/US1999/017786 WO2000008794A2 (en) 1998-08-04 1999-08-04 Systems and methods for securing electronic message

Publications (1)

Publication Number Publication Date
HK1040561A1 true HK1040561A1 (en) 2002-06-14

Family

ID=26827598

Family Applications (1)

Application Number Title Priority Date Filing Date
HK02102060.9A HK1040561A1 (en) 1998-08-04 1999-08-04 Systems and methods for securing electronic message

Country Status (3)

Country Link
CN (1) CN1332881A (en)
CA (1) CA2339228A1 (en)
HK (1) HK1040561A1 (en)

Also Published As

Publication number Publication date
CA2339228A1 (en) 2000-02-17
CN1332881A (en) 2002-01-23
