US20030050981A1 - Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail - Google Patents

Publication number
US20030050981A1
Authority
US
United States
Prior art keywords
message
digital signature
user
digital
mail
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/951,820
Inventor
Dwip Banerjee
Rabindranath Dutta
Eduardo Spring
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Application filed by International Business Machines Corp
Priority to US09/951,820
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION (assignment of assignors interest; see document for details). Assignors: SPRING, EDUARDO N., BANERJEE, DWIP N., DUTTA, RABINDRANATH
Publication of US20030050981A1
Priority to US11/403,584 (US7389422B2)
Priority to US12/136,020 (US20080235797A1)
Priority to US12/136,024 (US20080235345A1)
Current legal status: Abandoned

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/08: Annexed information, e.g. attachments
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21: Monitoring or handling of messages
    • H04L51/214: Monitoring or handling of messages using selective forwarding
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/48: Message addressing, e.g. address format or anonymous messages, aliases

Definitions

  • the present invention relates to network data processing systems and, in particular, to electronic mail. Still more particularly, the present invention provides a method, apparatus, and program for verifying multiple digital signatures in mail forwarding.
  • e-mail plays a pivotal role in communications, both in the corporate and noncorporate worlds. Since the content of e-mail can evoke a range of actions, such as litigation, it is important to assign responsibility and the non-repudiation properties to e-mail transmissions. Furthermore, with the spread of viruses and spyware through electronic transmissions, improved security and accountability is needed. Under current implementations, an e-mail message typically bears the digital signature of the sender. However, in the case of forwarded e-mail, there is no way to attach easily enforceable non-repudiation properties and responsibilities to the chain of recipients. In essence, the sender becomes responsible for the entire content in case of disputes under the current implementations. This implies that the sender has to always peruse through the entire chain before forwarding an e-mail message. This may be time consuming.
  • the present invention provides a mechanism for augmenting the mail header of a message with a list of digital signatures representing the chain of contributors to the message.
  • the augmented header may also encode the actual contributions corresponding to each digital signature. For example, when a user forwards a message and makes a contribution, the beginning bytes and length of the contribution may be associated with that user's digital signature in the header. Similarly, an attachment filename may be associated with a user that attaches a file in a forwarded message. The list is appended every time a message is forwarded. If a message has a portion with no corresponding digital signature or if one or more of the digital signatures is not trusted, the user may handle the message accordingly.
  • a user may choose to delete a message without opening if a file is attached by an untrusted user.
  • a mail server or client may discard a message if the number of digital signatures exceeds a threshold to filter out unwanted messages, such as e-mail chain letters.
  • FIG. 1 depicts a pictorial representation of a network of data processing systems in which the present invention may be implemented
  • FIG. 2 is a block diagram of a data processing system that may be implemented as a server in accordance with a preferred embodiment of the present invention
  • FIG. 3 is a block diagram illustrating a data processing system in which the present invention may be implemented
  • FIGS. 4A and 4B are pictorial representations of example network data processing systems in accordance with a preferred embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating the operation of a mail client sending a message in accordance with a preferred embodiment of the present invention
  • FIG. 6 is a flowchart illustrating the operation of a mail client sending a message in accordance with a preferred embodiment of the present invention
  • FIG. 7 is a flowchart depicting the operation of a mail client receiving a message in accordance with a preferred embodiment of the present invention.
  • FIG. 8 is a flowchart illustrating the operation of a process for filtering out unwanted messages in accordance with a preferred embodiment of the present invention.
  • FIG. 1 depicts a pictorial representation of a network of data processing systems in which the present invention may be implemented.
  • Network data processing system 100 is a network of computers in which the present invention may be implemented.
  • Network data processing system 100 contains a network 102, which is the medium used to provide communications links between various devices and computers connected together within network data processing system 100.
  • Network 102 may include connections, such as wire, wireless communication links, or fiber optic cables.
  • Server 104 is connected to network 102 along with storage unit 106.
  • Clients 108, 110, and 112 are connected to network 102.
  • These clients 108, 110, and 112 may be, for example, personal computers or network computers.
  • Server 104 provides data, such as boot files, operating system images, and applications to clients 108-112.
  • Clients 108, 110, and 112 are clients to server 104.
  • Network data processing system 100 may include additional servers, clients, and other devices not shown.
  • network 102 represents the Internet, a worldwide collection of networks and gateways that use the TCP/IP suite of protocols to communicate with one another.
  • network data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN).
  • FIG. 1 is intended as an example, and not as an architectural limitation for the present invention.
  • Data processing system 200 may be a symmetric multiprocessor (SMP) system including a plurality of processors 202 and 204 connected to system bus 206. Alternatively, a single processor system may be employed. Also connected to system bus 206 is memory controller/cache 208, which provides an interface to local memory 209. I/O bus bridge 210 is connected to system bus 206 and provides an interface to I/O bus 212. Memory controller/cache 208 and I/O bus bridge 210 may be integrated as depicted.
  • SMP symmetric multiprocessor
  • Peripheral component interconnect (PCI) bus bridge 214 connected to I/O bus 212 provides an interface to PCI local bus 216.
  • PCI Peripheral component interconnect
  • A number of modems may be connected to PCI local bus 216.
  • Typical PCI bus implementations will support four PCI expansion slots or add-in connectors.
  • Communications links to network computers 108-112 in FIG. 1 may be provided through modem 218 and network adapter 220 connected to PCI local bus 216 through add-in boards.
  • Additional PCI bus bridges 222 and 224 provide interfaces for additional PCI local buses 226 and 228, from which additional modems or network adapters may be supported. In this manner, data processing system 200 allows connections to multiple network computers.
  • A memory-mapped graphics adapter 230 and hard disk 232 may also be connected to I/O bus 212 as depicted, either directly or indirectly.
  • The hardware depicted in FIG. 2 may vary.
  • Other peripheral devices, such as optical disk drives and the like, also may be used in addition to or in place of the hardware depicted.
  • the depicted example is not meant to imply architectural limitations with respect to the present invention.
  • the data processing system depicted in FIG. 2 may be, for example, an IBM e-Server pSeries system, a product of International Business Machines Corporation in Armonk, N.Y., running the Advanced Interactive Executive (AIX) operating system or LINUX operating system.
  • AIX Advanced Interactive Executive
  • Data processing system 300 is an example of a client computer.
  • Data processing system 300 employs a peripheral component interconnect (PCI) local bus architecture.
  • PCI peripheral component interconnect
  • AGP Accelerated Graphics Port
  • ISA Industry Standard Architecture
  • Processor 302 and main memory 304 are connected to PCI local bus 306 through PCI bridge 308.
  • PCI bridge 308 also may include an integrated memory controller and cache memory for processor 302. Additional connections to PCI local bus 306 may be made through direct component interconnection or through add-in boards.
  • Local area network (LAN) adapter 310, SCSI host bus adapter 312, and expansion bus interface 314 are connected to PCI local bus 306 by direct component connection.
  • Audio adapter 316, graphics adapter 318, and audio/video adapter 319 are connected to PCI local bus 306 by add-in boards inserted into expansion slots.
  • Expansion bus interface 314 provides a connection for a keyboard and mouse adapter 320, modem 322, and additional memory 324.
  • Small computer system interface (SCSI) host bus adapter 312 provides a connection for hard disk drive 326, tape drive 328, and CD-ROM drive 330.
  • Typical PCI local bus implementations will support three or four PCI expansion slots or add-in connectors.
  • An operating system runs on processor 302 and is used to coordinate and provide control of various components within data processing system 300 in FIG. 3.
  • The operating system may be a commercially available operating system, such as Windows 2000, which is available from Microsoft Corporation.
  • An object oriented programming system such as Java may run in conjunction with the operating system and provide calls to the operating system from Java programs or applications executing on data processing system 300.
  • Java is a trademark of Sun Microsystems, Inc. Instructions for the operating system and applications or programs are located on storage devices, such as hard disk drive 326, and may be loaded into main memory 304 for execution by processor 302.
  • The hardware in FIG. 3 may vary depending on the implementation.
  • Other internal hardware or peripheral devices such as flash ROM (or equivalent nonvolatile memory) or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIG. 3.
  • the processes of the present invention may be applied to a multiprocessor data processing system.
  • data processing system 300 may be a stand-alone system configured to be bootable without relying on some type of network communication interface, whether or not data processing system 300 comprises some type of network communication interface.
  • data processing system 300 may be a Personal Digital Assistant (PDA) device, which is configured with ROM and/or flash ROM in order to provide nonvolatile memory for storing operating system files and/or user-generated data.
  • PDA Personal Digital Assistant
  • data processing system 300 also may be a notebook computer or hand held computer in addition to taking the form of a PDA.
  • data processing system 300 also may be a kiosk or a Web appliance.
  • server 104 may be a message server, such as an e-mail server.
  • Clients 108, 110, 112 may transmit messages to one another through server 104. More particularly, the messages may be forwarded e-mail messages. For example, client 108 may send an e-mail message to client 110 and client 110 may forward the e-mail message to client 112.
  • Although FIG. 1 shows one server, the network configuration may include more servers. In fact, each client may have its own mail server.
  • e-mail messages typically bear the digital signature of the sender.
  • The message bears the digital signature of the user of client 108.
  • The forwarded message bears the digital signature of the user of client 110. Therefore, the user of client 112 can only authenticate the message with respect to the user of client 110. Even if the user of client 112 trusts the user of client 110, there is no way in the prior art to authenticate the originator of the forwarded message.
  • each client executes e-mail client software that augments the e-mail message header with a list of digital signatures representing the chain of contributors in an e-mail.
  • the list is appended every time an e-mail message is forwarded.
  • the header may also encode the actual contributions corresponding to each digital signature. For example, when a user forwards a message and includes a contribution, the beginning bytes and length of the contribution are associated with that user's digital signature in the header. However, other methods of associating the contribution with the digital signature may be used, such as marking up the actual message content.
  • an attachment filename may also be associated with a user that attaches a file in a forwarded message.
  • A network data processing system contains Internet 402, which is the medium used to provide communications links between various devices and computers connected together within the network data processing system.
  • Client 1 404 communicates with mail server 1 406 through Internet 402 to send and receive mail.
  • Client 2 408 communicates with mail server 410 and client 3 412 communicates with mail server 3 414.
  • Person 1 uses client 1 to compose message 420 and sends the message to person 2 at client 2.
  • Mail message 420 bears digital signature 422 for person 1 and includes the contribution of person 1.
  • The mail message is transferred by sending the message from client 1 to mail server 1.
  • Mail server 1 then transfers the message to mail server 2.
  • Person 2 may then retrieve the mail message as message 424 from mail server 2 using client 2.
  • Person 2 may then authenticate the digital signature of person 1 in a known manner.
  • Person 2 may then make a contribution and forward the message.
  • The mail client software running on client 2 appends digital signature 426 of person 2 to message 424 and includes a contribution of person 2 before transferring the message to mail server 2.
  • Mail server 2 then transfers the message to mail server 3, where it may be delivered to client 3.
  • When person 3 retrieves the message as message 428 from mail server 3, the message includes in the header digital signatures 430. These digital signatures include the digital signature for person 1 and the digital signature for person 2. The message body includes the contribution of person 1 and the contribution of person 2. The header may also encode the actual contributions corresponding to each digital signature, as stated above.
  • When person 2 forwards message 424, the message from person 1 is included as an attachment.
  • When person 3 retrieves message 428, the message includes attachment 432 including message 434 from person 1.
  • The header may then associate the digital signature of person 1 with the attachment. Therefore, the digital signature for person 2 may be verified with respect to message 428 and the digital signature for person 1 may be verified with respect to message 434.
  • In FIG. 4B, an example is shown in which an attachment is added in a forwarded message.
  • Person 1 uses client 1 to send message 440 to person 2 at client 2.
  • Mail message 440 bears digital signature 442 for person 1 and includes a contribution of person 1.
  • Person 2 receives the message as message 444 and may then authenticate the digital signature of person 1.
  • The mail client software running on client 2 appends digital signature 446 of person 2 to message 444 before transferring the message to mail server 2.
  • Person 2 may include attachment 448 in message 444.
  • The mail client software running on client 2 then includes the contribution of person 2, including the file attachment, and associates the attachment filename with the digital signature for person 2.
  • Mail server 2 then transfers the message to mail server 3, where it may be delivered to client 3.
  • When person 3 retrieves the message as message 450 from mail server 3, the message includes in the header digital signatures 452. These digital signatures include the digital signature for person 1 and the digital signature for person 2.
  • The header may also encode the actual contributions corresponding to each digital signature. Particularly, the header associates the attachment filename with the digital signature for person 2. Thus, person 3 may authenticate the digital signature for person 2 before opening the attachment. Furthermore, even if person 3 forwards the message to another person, the attachment remains associated with the digital signature for person 2.
  • the contributions may also be encoded within the header, such as by indicating a beginning location and a length of a contribution.
  • contributions may be encoded within the body of the message, such as through journaling techniques or tools for tracking edits similar to those in word processing applications. For example, a mail client application may track changes made by each user and display the changes for each person using a different color.
  • the client device includes communications interface 510 that is used to communicate with a mail server to send and receive mail messages.
  • the system also includes mail client 520 for presenting, organizing, and composing mail messages.
  • Mail client 520 includes mail forwarding manager 522.
  • The mail forwarding manager allows the user to forward mail messages and to verify forwarded mail messages that are received. Digital signatures are verified using signature verification mechanism 530.
  • Controller 540 controls the overall operation of the client device. Controller 540 sends and receives data through communications interface 510 and controls the operation of mail client and the signature verification mechanism to carry out the functions of the present invention.
  • the elements of the functional block diagram of FIG. 5 may be implemented as hardware, software, or a combination of hardware and software components. In a preferred embodiment, the functional elements shown in FIG. 5 are implemented as software instructions executed by one or more of the hardware elements shown in FIG. 3.
  • In FIG. 6, a flowchart is depicted illustrating the operation of a mail client sending a message in accordance with a preferred embodiment of the present invention.
  • The process begins when a mail message is being sent. A determination is made as to whether the mail is forwarded mail (step 602). If the mail is forwarded mail, the process appends the digital signature of the sender to the message header (step 604) and associates the current contribution with the digital signature of the sender (step 606).
  • In step 608, a determination is made as to whether an attachment is added. If an attachment is not added, the process sends the mail message (step 610) and ends. If an attachment is added in step 608, the process associates the attachment filename with the digital signature of the sender in the header (step 612). Then, a determination is made as to whether the attachment is the last attachment (step 614). If the attachment is the last attachment, the process sends the mail message (step 610) and ends. If the attachment is not the last attachment, the process returns to step 612 to associate the next attachment filename with the digital signature of the sender in the header.
  • In step 602, if the mail message is not forwarded mail, the process includes the digital signature of the sender in the header (step 616) as known in the art. Thereafter, the process proceeds to step 608 to determine whether an attachment is added.
  • the present invention may associate an attachment filename with the sender even if the message is not a forwarded mail message. This allows any file attachments to be associated with the sender if the message is forwarded by any of the recipients.
  • In FIG. 7, a flowchart depicting the operation of a mail client receiving a message is shown in accordance with a preferred embodiment of the present invention.
  • The process begins and receives a mail message (step 702).
  • The process verifies the digital signatures in the header (step 704).
  • A determination is made as to whether the signatures are verified (step 706). If the digital signatures are approved, the mail client opens the mail message (step 708) and ends. However, if the digital signatures are not verified in step 706, the process gives the user the option to accept the digital signature or delete the mail message (step 710) and ends.
  • the user may accept the digital signature to be added to the trusted list. However, if the user does not recognize or trust the person, the user may simply delete the e-mail without being exposed to its content.
  • the signatures may be verified by checking the authenticity of the signatures themselves. Furthermore, a user may not trust a sender and the mail message may not be verified, because one of the senders in the chain is not trusted. Still further, the forwarded mail message may include content for which there is no associated digital signature. For example, a mail message may include an attachment, the filename of which is not associated with a digital signature. Such a mail message would fail verification.
  • In FIG. 8, a flowchart illustrating the operation of a process for filtering out unwanted messages is shown in accordance with a preferred embodiment of the present invention.
  • The process begins and receives a mail message (step 802).
  • The process compares the number of digital signatures in the header to a threshold (step 804) and a determination is made as to whether the number of signatures exceeds the threshold (step 806). If the number of signatures does not exceed the threshold, the process delivers the mail to the user's mailbox (step 808) and ends. If the number of signatures exceeds the threshold in step 806, the process discards the mail message (step 810) and ends.
  • the threshold may be selected by a user. For example, a subscriber to the mail server may determine that a mail message that has been forwarded fifty or more times, for instance, is likely to be an e-mail chain letter.
  • the present invention solves the disadvantages of the prior art by providing a mechanism for augmenting the mail header of a message with a list of digital signatures representing the chain of contributors to the message.
  • the augmented header may also encode the actual contributions corresponding to each digital signature.
  • the list is appended every time a message is forwarded. If a message has a portion with no corresponding digital signature or if one or more of the digital signatures is not trusted, the user may handle the message accordingly.
  • a mail server or client may discard a message if the number of digital signatures exceeds a threshold to filter out unwanted messages, such as e-mail chain letters.
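
The receive-side check of FIG. 7 and the chain-length filter of FIG. 8, as an added Python example that is not part of the patent text. The header entry layout, the rule that contributions are appended to the body, the attachment digests, and the use of HMAC-SHA256 with constructed keys in place of a public-key signature are all assumptions made so the example runs with the standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo keys. HMAC-SHA256 is a stand-in so the example runs offline;
# a real client verifies a public-key signature against the signer's
# certificate, which is what provides non-repudiation.
KEYS = {"person1": b"demo-key-1", "person2": b"demo-key-2"}


@dataclass
class SigEntry:
    """One element of the signature list in the augmented header (layout assumed)."""
    signer: str
    start: int    # beginning byte of this signer's contribution in the body
    length: int   # length of the contribution in bytes
    files: dict = field(default_factory=dict)  # attachment filename -> SHA-256 hex
    sig: str = ""


def _mac(entry, body):
    """Bind signer, byte range, the bytes in that range and the attachment digests."""
    span = body[entry.start:entry.start + entry.length]
    parts = [entry.signer, str(entry.start), str(entry.length),
             hashlib.sha256(span).hexdigest()]
    parts += [f"{name}={digest}" for name, digest in sorted(entry.files.items())]
    return hmac.new(KEYS[entry.signer], "\n".join(parts).encode(),
                    hashlib.sha256).hexdigest()


def forward(body, chain, attachments, signer, text, files=None):
    """Sender side (FIG. 6). Contributions are appended so earlier offsets stay valid."""
    files = files or {}
    entry = SigEntry(signer, len(body), len(text),
                     {n: hashlib.sha256(d).hexdigest() for n, d in files.items()})
    body = body + text
    entry.sig = _mac(entry, body)
    return body, chain + [entry], {**attachments, **files}


def verify_message(body, chain, attachments, trusted, max_signatures=50):
    """Chain-length filter (FIG. 8), then receiver verification (FIG. 7).

    Returns (verdict, reasons): "discard", "open", or "prompt" (user decides).
    """
    if len(chain) > max_signatures:
        return "discard", [f"{len(chain)} signatures exceed threshold {max_signatures}"]
    reasons = []
    covered = bytearray(len(body))  # 1 = byte lies inside a verified contribution
    signed_files = set()
    for e in chain:
        in_range = e.start >= 0 and e.length >= 0 and e.start + e.length <= len(body)
        if (not in_range or e.signer not in KEYS
                or not hmac.compare_digest(e.sig, _mac(e, body))):
            reasons.append(f"{e.signer}: signature does not verify")
            continue
        if e.signer not in trusted:
            reasons.append(f"{e.signer}: signer not trusted")
        covered[e.start:e.start + e.length] = b"\x01" * e.length
        for name, digest in e.files.items():
            data = attachments.get(name)
            if data is not None and hashlib.sha256(data).hexdigest() == digest:
                signed_files.add(name)
    gap = covered.find(0)  # first body byte with no verified signature over it
    if gap != -1:
        reasons.append(f"body byte {gap}: not covered by any verified signature")
    for name in sorted(set(attachments) - signed_files):
        reasons.append(f"{name}: attachment has no verified signature")
    return ("open" if not reasons else "prompt"), reasons


def demo():
    """Constructed messages: person 1 writes, person 2 forwards with an attachment."""
    body, chain, files = forward(b"", [], {}, "person1", b"Q3 figures attached.\n")
    body, chain, files = forward(body, chain, files, "person2",
                                 b"FYI, see report.\n", {"report.pdf": b"%PDF-demo"})
    both = {"person1", "person2"}
    return (
        verify_message(body, chain, files, both),                    # fully signed
        verify_message(body + b"unsigned text", chain, files, both),  # unsigned portion
        verify_message(body, chain, {**files, "unsigned.bin": b"demo"}, both),
        verify_message(body, chain, files, {"person1"}),             # untrusted signer
        verify_message(body, chain, files, both, max_signatures=1),  # chain too long
    )


if __name__ == "__main__":
    for verdict, why in demo():
        print(verdict, why)
```
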

Abstract

A mechanism is provided for augmenting the mail header of a message with a list of digital signatures representing the chain of contributors to the message. The augmented header may also encode the actual contributions corresponding to each digital signature. The list is appended every time a message is forwarded. If a message has a portion with no corresponding digital signature or if one or more of the digital signatures is not trusted, the user may handle the message accordingly. Furthermore, a mail server or client may discard a message if the number of digital signatures exceeds a threshold to filter out unwanted messages, such as e-mail chain letters.

Description

    BACKGROUND OF THE INVENTION
  • 1. Technical Field [0001]
  • The present invention relates to network data processing systems and, in particular, to electronic mail. Still more particularly, the present invention provides a method, apparatus, and program for verifying multiple digital signatures in mail forwarding. [0002]
  • 2. Description of Related Art [0003]
  • With the increasing popularity of computers, paper transactions are gradually being replaced by digital formats, such as e-mail and electronic data interchange (EDI). While the legal framework to establish and support the validity of digital transactions are evolving, it is clear that digital signatures will play a pivotal role, especially in the area of non-repudiation in the near future. Therefore, it is essential that important documents are digitally signed for them to support the framework alluded to above. [0004]
  • In this context, e-mail plays a pivotal role in communications, both in the corporate and noncorporate worlds. Since the content of e-mail can evoke a range of actions, such as litigation, it is important to assign responsibility and the non-repudiation properties to e-mail transmissions. Furthermore, with the spread of viruses and spyware through electronic transmissions, improved security and accountability is needed. Under current implementations, an e-mail message typically bears the digital signature of the sender. However, in the case of forwarded e-mail, there is no way to attach easily enforceable non-repudiation properties and responsibilities to the chain of recipients. In essence, the sender becomes responsible for the entire content in case of disputes under the current implementations. This implies that the sender has to always peruse through the entire chain before forwarding an e-mail message. This may be time consuming. [0005]
  • Therefore, it would be advantageous to provide a mechanism for the insertion and retention of multiple digital signatures corresponding to contributing authors in forwarded e-mail. [0006]
  • SUMMARY OF THE INVENTION
  • The present invention provides a mechanism for augmenting the mail header of a message with a list of digital signatures representing the chain of contributors to the message. The augmented header may also encode the actual contributions corresponding to each digital signature. For example, when a user forwards a message and makes a contribution, the beginning bytes and length of the contribution may be associated with that user's digital signature in the header. Similarly, an attachment filename may be associated with a user that attaches a file in a forwarded message. The list is appended every time a message is forwarded. If a message has a portion with no corresponding digital signature or if one or more of the digital signatures is not trusted, the user may handle the message accordingly. For example, a user may choose to delete a message without opening if a file is attached by an untrusted user. Furthermore, a mail server or client may discard a message if the number of digital signatures exceeds a threshold to filter out unwanted messages, such as e-mail chain letters. [0007]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein: [0008]
  • FIG. 1 depicts a pictorial representation of a network of data processing systems in which the present invention may be implemented; [0009]
  • FIG. 2 is a block diagram of a data processing system that may be implemented as a server in accordance with a preferred embodiment of the present invention; [0010]
  • FIG. 3 is a block diagram illustrating a data processing system in which the present invention may be implemented; [0011]
  • FIGS. 4A and 4B are pictorial representations of example network data processing systems in accordance with a preferred embodiment of the present invention; [0012]
  • FIG. 5 is a flowchart illustrating the operation of a mail client sending a message in accordance with a preferred embodiment of the present invention; [0013]
  • FIG. 6 is a flowchart illustrating the operation of a mail client sending a message in accordance with a preferred embodiment of the present invention; [0014]
  • FIG. 7 is a flowchart depicting the operation of a mail client receiving a message in accordance with a preferred embodiment of the present invention; and [0015]
  • FIG. 8 is a flowchart illustrating the operation of a process for filtering out unwanted messages in accordance with a preferred embodiment of the present invention. [0016]
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
  • [0017] With reference now to the figures, FIG. 1 depicts a pictorial representation of a network of data processing systems in which the present invention may be implemented. Network data processing system 100 is a network of computers in which the present invention may be implemented. Network data processing system 100 contains a network 102, which is the medium used to provide communications links between various devices and computers connected together within network data processing system 100. Network 102 may include connections, such as wire, wireless communication links, or fiber optic cables.
  • [0018] In the depicted example, server 104 is connected to network 102 along with storage unit 106. In addition, clients 108, 110, and 112 are connected to network 102. These clients 108, 110, and 112 may be, for example, personal computers or network computers. In the depicted example, server 104 provides data, such as boot files, operating system images, and applications to clients 108-112. Clients 108, 110, and 112 are clients to server 104. Network data processing system 100 may include additional servers, clients, and other devices not shown. In the depicted example, network 102 represents the Internet, a worldwide collection of networks and gateways that use the TCP/IP suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, government, educational and other computer systems that route data and messages. Of course, network data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN). FIG. 1 is intended as an example, and not as an architectural limitation for the present invention.
  • [0019] Referring to FIG. 2, a block diagram of a data processing system that may be implemented as a server, such as server 104 in FIG. 1, is depicted in accordance with a preferred embodiment of the present invention. Data processing system 200 may be a symmetric multiprocessor (SMP) system including a plurality of processors 202 and 204 connected to system bus 206. Alternatively, a single processor system may be employed. Also connected to system bus 206 is memory controller/cache 208, which provides an interface to local memory 209. I/O bus bridge 210 is connected to system bus 206 and provides an interface to I/O bus 212. Memory controller/cache 208 and I/O bus bridge 210 may be integrated as depicted.
  • [0020] Peripheral component interconnect (PCI) bus bridge 214 connected to I/O bus 212 provides an interface to PCI local bus 216. A number of modems may be connected to PCI local bus 216. Typical PCI bus implementations will support four PCI expansion slots or add-in connectors. Communications links to network computers 108-112 in FIG. 1 may be provided through modem 218 and network adapter 220 connected to PCI local bus 216 through add-in boards.
  • [0021] Additional PCI bus bridges 222 and 224 provide interfaces for additional PCI local buses 226 and 228, from which additional modems or network adapters may be supported. In this manner, data processing system 200 allows connections to multiple network computers. A memory-mapped graphics adapter 230 and hard disk 232 may also be connected to I/O bus 212 as depicted, either directly or indirectly.
  • Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 2 may vary. For example, other peripheral devices, such as optical disk drives and the like, also may be used in addition to or in place of the hardware depicted. The depicted example is not meant to imply architectural limitations with respect to the present invention. [0022]
  • The data processing system depicted in FIG. 2 may be, for example, an IBM e-Server pSeries system, a product of International Business Machines Corporation in Armonk, N.Y., running the Advanced Interactive Executive (AIX) operating system or LINUX operating system. [0023]
  • [0024] With reference now to FIG. 3, a block diagram illustrating a data processing system is depicted in which the present invention may be implemented. Data processing system 300 is an example of a client computer. Data processing system 300 employs a peripheral component interconnect (PCI) local bus architecture. Although the depicted example employs a PCI bus, other bus architectures such as Accelerated Graphics Port (AGP) and Industry Standard Architecture (ISA) may be used. Processor 302 and main memory 304 are connected to PCI local bus 306 through PCI bridge 308. PCI bridge 308 also may include an integrated memory controller and cache memory for processor 302. Additional connections to PCI local bus 306 may be made through direct component interconnection or through add-in boards. In the depicted example, local area network (LAN) adapter 310, SCSI host bus adapter 312, and expansion bus interface 314 are connected to PCI local bus 306 by direct component connection. In contrast, audio adapter 316, graphics adapter 318, and audio/video adapter 319 are connected to PCI local bus 306 by add-in boards inserted into expansion slots. Expansion bus interface 314 provides a connection for a keyboard and mouse adapter 320, modem 322, and additional memory 324. Small computer system interface (SCSI) host bus adapter 312 provides a connection for hard disk drive 326, tape drive 328, and CD-ROM drive 330. Typical PCI local bus implementations will support three or four PCI expansion slots or add-in connectors.
  • [0025] An operating system runs on processor 302 and is used to coordinate and provide control of various components within data processing system 300 in FIG. 3. The operating system may be a commercially available operating system, such as Windows 2000, which is available from Microsoft Corporation. An object oriented programming system such as Java may run in conjunction with the operating system and provide calls to the operating system from Java programs or applications executing on data processing system 300. “Java” is a trademark of Sun Microsystems, Inc. Instructions for the operating system and applications or programs are located on storage devices, such as hard disk drive 326, and may be loaded into main memory 304 for execution by processor 302.
  • Those of ordinary skill in the art will appreciate that the hardware in FIG. 3 may vary depending on the implementation. Other internal hardware or peripheral devices, such as flash ROM (or equivalent nonvolatile memory) or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIG. 3. Also, the processes of the present invention may be applied to a multiprocessor data processing system. [0026]
  • [0027] As another example, data processing system 300 may be a stand-alone system configured to be bootable without relying on some type of network communication interface, whether or not data processing system 300 comprises some type of network communication interface. As a further example, data processing system 300 may be a Personal Digital Assistant (PDA) device, which is configured with ROM and/or flash ROM in order to provide nonvolatile memory for storing operating system files and/or user-generated data.
  • [0028] The depicted example in FIG. 3 and above-described examples are not meant to imply architectural limitations. For example, data processing system 300 also may be a notebook computer or hand held computer in addition to taking the form of a PDA. Data processing system 300 also may be a kiosk or a Web appliance.
  • [0029] Returning to FIG. 1, server 104 may be a message server, such as an e-mail server. Clients 108, 110, 112 may transmit messages to one another through server 104. More particularly, the messages may be forwarded e-mail messages. For example, client 108 may send an e-mail message to client 110 and client 110 may forward the e-mail message to client 112. While FIG. 1 shows one server, the network configuration may include more servers. In fact, each client may have its own mail server.
  • [0030] In prior art implementations, e-mail messages typically bear the digital signature of the sender. In other words, when a message is sent from client 108 to client 110, the message bears the digital signature of the user of client 108. When the message is forwarded from client 110 to client 112, the forwarded message bears the digital signature of the user of client 110. Therefore, the user of client 112 can only authenticate the message with respect to the user of client 110. Even if the user of client 112 trusts the user of client 110, there is no way in the prior art to authenticate the originator of the forwarded message.
  • In accordance with a preferred embodiment of the present invention, each client executes e-mail client software that augments the e-mail message header with a list of digital signatures representing the chain of contributors in an e-mail. The list is appended every time an e-mail message is forwarded. The header may also encode the actual contributions corresponding to each digital signature. For example, when a user forwards a message and includes a contribution, the beginning bytes and length of the contribution are associated with that user's digital signature in the header. However, other methods of associating the contribution with the digital signature may be used, such as marking up the actual message content. Furthermore, an attachment filename may also be associated with a user that attaches a file in a forwarded message. [0031]
  • [0032] With reference to FIGS. 4A and 4B, pictorial representations of example network data processing systems are shown in accordance with a preferred embodiment of the present invention. Particularly, with respect to FIG. 4A, a network data processing system contains Internet 402, which is the medium used to provide communications links between various devices and computers connected together within the network data processing system. Client 1 404 communicates with mail server 1 406 through Internet 402 to send and receive mail. Similarly, client 2 408 communicates with mail server 2 410 and client 3 412 communicates with mail server 3 414.
  • [0033] Person 1 uses client 1 to compose message 420 and sends the message to person 2 at client 2. Mail message 420 bears digital signature 422 for person 1 and includes the contribution of person 1. The mail message is transferred by sending the message from client 1 to mail server 1. Mail server 1 then transfers the message to mail server 2. Person 2 may then retrieve the mail message as message 424 from mail server 2 using client 2. Person 2 may then authenticate the digital signature of person 1 in a known manner.
  • [0034] Person 2 may then make a contribution and forward the message. When person 2 forwards message 424 to person 3, the mail client software running on client 2 appends digital signature 426 of person 2 to message 424 and includes a contribution of person 2 before transferring the message to mail server 2. Mail server 2 then transfers the message to mail server 3, where it may be delivered to client 3.
  • [0035] When person 3 retrieves the message as message 428 from mail server 3, the message includes in the header digital signatures 430. These digital signatures include the digital signature for person 1 and the digital signature for person 2. The message body includes the contribution of person 1 and the contribution of person 2. The header may also encode the actual contributions corresponding to each digital signature, as stated above.
  • [0036] In an alternative embodiment, when person 2 forwards message 424, the message from person 1 is included as an attachment. Thus, when person 3 retrieves message 428, the message includes attachment 432 including message 434 from person 1. The header may then associate the digital signature of person 1 with the attachment. Therefore, the digital signature for person 2 may be verified with respect to message 428 and the digital signature for person 1 may be verified with respect to message 434.
  • [0037] Turning now to FIG. 4B, an example is shown in which an attachment is added in a forwarded message. Person 1 uses client 1 to send message 440 to person 2 at client 2. Mail message 440 bears digital signature 442 for person 1 and includes a contribution of person 1. Person 2 receives the message as message 444 and may then authenticate the digital signature of person 1. When person 2 forwards message 444 to person 3, the mail client software running on client 2 appends digital signature 446 of person 2 to message 444 before transferring the message to mail server 2. Person 2 may include attachment 448 in message 444. The mail client software running on client 2 then includes the contribution of person 2, including the file attachment, and associates the attachment filename with the digital signature for person 2. Mail server 2 then transfers the message to mail server 3, where it may be delivered to client 3.
  • [0038] When person 3 retrieves the message as message 450 from mail server 3, the message includes in the header digital signatures 452. These digital signatures include the digital signature for person 1 and the digital signature for person 2. The header may also encode the actual contributions corresponding to each digital signature. Particularly, the header associates the attachment filename with the digital signature for person 2. Thus, person 3 may authenticate the digital signature for person 2 before opening the attachment. Furthermore, even if person 3 forwards the message to another person, the attachment remains associated with the digital signature for person 2.
  • The contributions may also be encoded within the header, such as by indicating a beginning location and a length of a contribution. Alternatively, contributions may be encoded within the body of the message, such as through journaling techniques or tools for tracking edits similar to those in word processing applications. For example, a mail client application may track changes made by each user and display the changes for each person using a different color. [0039]
  • [0040] With reference to FIG. 5, a block diagram of the functional components of a client device is shown in accordance with a preferred embodiment of the present invention. The client device includes communications interface 510 that is used to communicate with a mail server to send and receive mail messages. The system also includes mail client 520 for presenting, organizing, and composing mail messages. Mail client 520 includes mail forwarding manager 522. The mail forwarding manager allows the user to forward mail messages and to verify forwarded mail messages that are received. Digital signatures are verified using signature verification mechanism 530.
  • [0041] Controller 540 controls the overall operation of the client device. Controller 540 sends and receives data through communications interface 510 and controls the operation of the mail client and the signature verification mechanism to carry out the functions of the present invention. The elements of the functional block diagram of FIG. 5 may be implemented as hardware, software, or a combination of hardware and software components. In a preferred embodiment, the functional elements shown in FIG. 5 are implemented as software instructions executed by one or more of the hardware elements shown in FIG. 3.
  • [0042] With reference to FIG. 6, a flowchart is depicted illustrating the operation of a mail client sending a message in accordance with a preferred embodiment of the present invention. The process begins when a mail message is being sent. A determination is made as to whether the mail is forwarded mail (step 602). If the mail is forwarded mail, the process appends the digital signature of the sender to the message header (step 604) and associates the current contribution with the digital signature of the sender (step 606).
  • [0043] Next, a determination is made as to whether an attachment is added (step 608). If an attachment is not added, the process sends the mail message (step 610) and ends. If an attachment is added in step 608, the process associates the attachment filename with the digital signature of the sender in the header (step 612). Then, a determination is made as to whether the attachment is the last attachment (step 614). If the attachment is the last attachment, the process sends the mail message (step 610) and ends. If the attachment is not the last attachment, the process returns to step 612 to associate the next attachment filename with the digital signature of the sender in the header.
  • [0044] Returning to step 602, if the mail message is not forwarded mail, the process includes the digital signature of the sender in the header (step 616) as known in the art. Thereafter, the process proceeds to step 608 to determine whether an attachment is added. Thus, the present invention may associate an attachment filename with the sender even if the message is not a forwarded mail message. This allows any file attachments to be associated with the sender if the message is forwarded by any of the recipients.
  • [0045] With reference now to FIG. 7, a flowchart depicting the operation of a mail client receiving a message is shown in accordance with a preferred embodiment of the present invention. The process begins and receives a mail message (step 702). The process then verifies the digital signatures in the header (step 704). A determination is made as to whether the signatures are verified (step 706). If the digital signatures are approved, the mail client opens the mail message (step 708) and ends. However, if the digital signatures are not verified in step 706, the process gives the user the option to accept the digital signature or delete the mail message (step 710) and ends.
  • Thus, if the user knows and trusts the person associated with the digital signature, the user may accept the digital signature to be added to the trusted list. However, if the user does not recognize or trust the person, the user may simply delete the e-mail without being exposed to its content. [0046]
  • The signatures may be verified by checking the authenticity of the signatures themselves. Furthermore, a user may not trust a sender and the mail message may not be verified, because one of the senders in the chain is not trusted. Still further, the forwarded mail message may include content for which there is no associated digital signature. For example, a mail message may include an attachment, the filename of which is not associated with a digital signature. Such a mail message would fail verification. [0047]
  • [0048] Turning now to FIG. 8, a flowchart illustrating the operation of a process for filtering out unwanted messages is shown in accordance with a preferred embodiment of the present invention. The process begins and receives a mail message (step 802). Next, the process compares the number of digital signatures in the header to a threshold (step 804) and a determination is made as to whether the number of signatures exceeds the threshold (step 806). If the number of signatures does not exceed the threshold, the process delivers the mail to the user's mailbox (step 808) and ends. If the number of signatures exceeds the threshold in step 806, the process discards the mail message (step 810) and ends.
  • The threshold may be selected by a user. For example, a subscriber to the mail server may determine that a mail message that has been forwarded fifty or more times, for instance, is likely to be an e-mail chain letter. [0049]
  • Thus, the present invention solves the disadvantages of the prior art by providing a mechanism for augmenting the mail header of a message with a list of digital signatures representing the chain of contributors to the message. The augmented header may also encode the actual contributions corresponding to each digital signature. The list is appended every time a message is forwarded. If a message has a portion with no corresponding digital signature or if one or more of the digital signatures is not trusted, the user may handle the message accordingly. Furthermore, a mail server or client may discard a message if the number of digital signatures exceeds a threshold to filter out unwanted messages, such as e-mail chain letters. [0050]
  • It is important to note that while the present invention has been described in the context of a fully functioning data processing system, those of ordinary skill in the art will appreciate that the processes of the present invention are capable of being distributed in the form of a computer readable medium of instructions and a variety of forms and that the present invention applies equally regardless of the particular type of signal bearing media actually used to carry out the distribution. Examples of computer readable media include recordable-type media, such as a floppy disk, a hard disk drive, a RAM, CD-ROMs, DVD-ROMs, and transmission-type media, such as digital and analog communications links, wired or wireless communications links using transmission forms, such as, for example, radio frequency and light wave transmissions. The computer readable media may take the form of coded formats that are decoded for actual use in a particular data processing system. [0051]
  • The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention, the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated. [0052]
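The send, receive and filter flows of FIGS. 6 to 8, as an added Python example that is not part of the patent text. Assumptions: the patent names no signature scheme, so Lamport one-time signatures built from SHA-256 are swapped in; the body is modelled as a byte string that each forwarder appends to; the trusted list maps signer names to public keys; and the names `Entry`, `Message`, `send`, `verify_chain` and `handle` are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures, swapped in because the patent names no scheme.
# Each private key may sign exactly one digest.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, digest: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(digest))]


def verify(pk, digest: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(digest))))


@dataclass
class Entry:                 # one element of the signature list in the header
    signer: str
    offset: int              # beginning byte of the contribution in the body
    length: int              # length of the contribution in bytes
    filenames: tuple         # attachment filenames associated with this signer
    sig: list


@dataclass
class Message:
    body: bytes = b""
    attachments: dict = field(default_factory=dict)   # filename -> content
    chain: list = field(default_factory=list)         # list of Entry


def _digest(signer, offset, length, contribution, filenames) -> bytes:
    # Length-prefix each field so neighbouring fields cannot be merged or split.
    # Only filenames are signed, as on the page; file contents are not covered.
    h = hashlib.sha256()
    fields = [signer.encode(), b"%d" % offset, b"%d" % length, contribution]
    for part in fields + [name.encode() for name in filenames]:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def send(msg, signer, sk, text, files=None):
    """FIG. 6: append the sender's signature and tie it to the new
    contribution (offset, length) and to each attached filename."""
    files = files or {}
    offset, names = len(msg.body), tuple(sorted(files))
    sig = sign(sk, _digest(signer, offset, len(text), text, names))
    entry = Entry(signer, offset, len(text), names, sig)
    return Message(msg.body + text, {**msg.attachments, **files},
                   msg.chain + [entry])


def verify_chain(msg, trusted):
    """FIG. 7: list every problem found; an empty list means each byte of the
    body and each attachment filename is vouched for by a trusted signer."""
    problems, covered, named = [], set(), set()
    for e in msg.chain:
        part = msg.body[e.offset:e.offset + e.length] if e.offset >= 0 else b""
        if e.signer not in trusted:
            problems.append(f"{e.signer}: signer not in trusted list")
        elif len(part) != e.length or not verify(
                trusted[e.signer],
                _digest(e.signer, e.offset, e.length, part, e.filenames), e.sig):
            problems.append(f"{e.signer}: signature does not match contribution")
        else:
            covered.update(range(e.offset, e.offset + e.length))
            named.update(e.filenames)
    if len(covered) != len(msg.body):
        problems.append("body contains bytes with no valid signature")
    for name in sorted(set(msg.attachments) - named):
        problems.append(f"attachment {name!r} has no valid signature")
    return problems


def handle(msg, trusted, threshold):
    """FIG. 8 filter (signature count vs. threshold), then the FIG. 7 decision."""
    if len(msg.chain) > threshold:
        return "discard", []
    problems = verify_chain(msg, trusted)
    return ("open", []) if not problems else ("prompt", problems)


def demo():
    # Constructed sample: person 1 writes, person 2 forwards and attaches a file.
    sk1, pk1 = keygen()
    sk2, pk2 = keygen()
    m = send(Message(), "person1", sk1, b"Draft agenda for Friday.\n")
    m = send(m, "person2", sk2, b"Adding the budget sheet.\n", {"budget.xls": b"..."})
    return m, {"person1": pk1, "person2": pk2}   # trusted list: signer -> public key


if __name__ == "__main__":
    message, trusted_keys = demo()
    print(handle(message, trusted_keys, threshold=50))
```

The "prompt" result corresponds to step 710, where the user either accepts the signature or deletes the message. Because only the filename is associated with a signature, a receiver that also needs the file's bytes vouched for would have to sign a digest of the content as well.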

Claims (24)

What is claimed is:
1. A method for forwarding a message, comprising:
receiving a message from a first user at a computer of a second user, wherein the message has attached thereto a first digital signature corresponding to the first user;
attaching to the message a second digital signature corresponding to the second user; and
forwarding the message to a third user.
2. The method of claim 1, further comprising:
identifying a contribution made by the second user; and
associating the contribution made by the second user with the second digital signature.
3. The method of claim 2, wherein the contribution comprises a file attachment and the method further comprises associating a filename of the file attachment with the second digital signature.
4. The method of claim 1, wherein the step of forwarding the message comprises forwarding the message as an attachment and the step of associating comprises associating the attachment with the first digital signature.
5. A method for receiving a forwarded message, comprising:
receiving a message at a computer of a third user, wherein the message was sent from a first user to a second user and subsequently forwarded to the third user, and wherein the message has attached thereto a first digital signature corresponding to the first user and a second digital signature corresponding to the second user;
verifying the first digital signature and the second digital signature; and
opening the message if the first digital signature and the second digital signature are approved.
6. The method of claim 5, wherein the step of verifying the first digital signature and the second digital signature comprises:
comparing the first digital signature and the second digital signature to a list of trusted digital signatures; and
approving the first digital signature and the second digital signature if they are in the list of trusted digital signatures.
7. The method of claim 6, further comprising:
denying the first digital signature or the second digital signature if it is not in the list of trusted digital signatures;
prompting the third user to accept the denied digital signature; and
adding the denied digital signature to the list of trusted digital signatures if the user accepts the denied digital signature.
8. The method of claim 6, further comprising deleting the message if the first digital signature or the second digital signature is not approved.
9. The method of claim 5, further comprising:
attaching to the message a third digital signature corresponding to the third user; and
forwarding the message to a fourth user.
10. A method for receiving a forwarded message, comprising:
receiving a message, wherein the message was forwarded by a plurality of users, and wherein the message has attached thereto digital signatures corresponding to each of the plurality of users;
determining the number of users in the plurality of users;
comparing the number to a threshold; and
discarding the message if the number exceeds the threshold.
11. An apparatus for forwarding a message, comprising:
receipt means for receiving a message from a first user at a computer of a second user, wherein the message has attached thereto a first digital signature corresponding to the first user;
attachment means for attaching to the message a second digital signature corresponding to the second user; and
forwarding means for forwarding the message to a third user.
12. The apparatus of claim 11, further comprising:
identification means for identifying a contribution made by the second user; and
association means for associating the contribution made by the second user with the second digital signature.
13. The apparatus of claim 12, wherein the contribution comprises a file attachment and the association means comprises means for associating a filename of the file attachment with the second digital signature.
14. The apparatus of claim 11, wherein the forwarding means comprises means for forwarding the message as an attachment and the association means comprises means for associating the attachment with the first digital signature.
15. An apparatus for receiving a forwarded message, comprising:
receipt means for receiving a message at a computer of a third user, wherein the message was sent from a first user to a second user and subsequently forwarded to the third user, and wherein the message has attached thereto a first digital signature corresponding to the first user and a second digital signature corresponding to the second user;
verification means for verifying the first digital signature and the second digital signature; and
opening means for opening the message if the first digital signature and the second digital signature are approved.
16. The apparatus of claim 15, wherein the verification means comprises:
comparison means for comparing the first digital signature and the second digital signature to a list of trusted digital signatures; and
approval means for approving the first digital signature and the second digital signature if they are in the list of trusted digital signatures.
17. The apparatus of claim 16, further comprising:
means for denying the first digital signature or the second digital signature if it is not in the list of trusted digital signatures;
means for prompting the third user to accept the denied digital signature; and
means for adding the denied digital signature to the list of trusted digital signatures if the user accepts the denied digital signature.
18. The apparatus of claim 16, further comprising means for deleting the message if the first digital signature or the second digital signature is not approved.
19. The apparatus of claim 15, further comprising:
means for attaching to the message a third digital signature corresponding to the third user; and
means for forwarding the message to a fourth user.
20. An apparatus for receiving a forwarded message, comprising:
receipt means for receiving a message, wherein the message was forwarded by a plurality of users, and wherein the message has attached thereto digital signatures corresponding to each of the plurality of users;
determination means for determining the number of users in the plurality of users;
comparison means for comparing the number to a threshold; and
discarding means for discarding the message if the number exceeds the threshold.
21. An e-mail client, comprising:
means for augmenting a header of an e-mail message with a list of digital signatures representing the chain of contributors in the e-mail message; and
means for sending the e-mail message to an e-mail server.
22. A computer program product, in a computer readable medium, for forwarding a message, comprising:
instructions for receiving a message from a first user at a computer of a second user, wherein the message has attached thereto a first digital signature corresponding to the first user;
instructions for attaching to the message a second digital signature corresponding to the second user; and
instructions for forwarding the message to a third user.
23. A computer program product, in a computer readable medium, for receiving a forwarded message, comprising:
instructions for receiving a message at a computer of a third user, wherein the message was sent from a first user to a second user and subsequently forwarded to the third user, and wherein the message has attached thereto a first digital signature corresponding to the first user and a second digital signature corresponding to the second user;
instructions for verifying the first digital signature and the second digital signature; and
instructions for opening the message if the first digital signature and the second digital signature are approved.
24. A computer program product, in a computer readable medium, for receiving a forwarded message, comprising:
instructions for receiving a message, wherein the message was forwarded by a plurality of users, and wherein the message has attached thereto digital signature corresponding to each of the plurality of users;
instructions for determining the number of users in the plurality of users;
instructions for comparing the number to a threshold; and
instructions for discarding the message if the number exceeds the threshold.
US09/951,820 2001-09-13 2001-09-13 Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail Abandoned US20030050981A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US09/951,820 US20030050981A1 (en) 2001-09-13 2001-09-13 Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
US11/403,584 US7389422B2 (en) 2001-09-13 2006-04-13 System for forwarding and verifying multiple digital signatures corresponding to users and contributions of the users in electronic mail
US12/136,020 US20080235797A1 (en) 2001-09-13 2008-06-09 Method, Apparatus, and Program to Forward and Verify Multiple Digital Signatures in Electronic Mail
US12/136,024 US20080235345A1 (en) 2001-09-13 2008-06-09 Method, Apparatus, and Program to Forward and Verify Multiple Digital Signatures in Electronic Mail

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/403,584 Division US7389422B2 (en) 2001-09-13 2006-04-13 System for forwarding and verifying multiple digital signatures corresponding to users and contributions of the users in electronic mail

Publications (1)

Publication Number Publication Date
US20030050981A1 (en) 2003-03-13

Family

ID=25492196

Family Applications (4)

Application Number Title Priority Date Filing Date
US09/951,820 Abandoned US20030050981A1 (en) 2001-09-13 2001-09-13 Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
US11/403,584 Expired - Fee Related US7389422B2 (en) 2001-09-13 2006-04-13 System for forwarding and verifying multiple digital signatures corresponding to users and contributions of the users in electronic mail
US12/136,020 Abandoned US20080235797A1 (en) 2001-09-13 2008-06-09 Method, Apparatus, and Program to Forward and Verify Multiple Digital Signatures in Electronic Mail
US12/136,024 Abandoned US20080235345A1 (en) 2001-09-13 2008-06-09 Method, Apparatus, and Program to Forward and Verify Multiple Digital Signatures in Electronic Mail

Country Status (1)

Country Link
US (4) US20030050981A1 (en)

Also Published As

Publication number Publication date
US20080235797A1 (en) 2008-09-25
US7389422B2 (en) 2008-06-17
US20080235345A1 (en) 2008-09-25
US20060190545A1 (en) 2006-08-24

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BANERJEE, DWIP N.;DUTTA, RABINDRANATH;SPRING, EDUARDO N.;REEL/FRAME:012193/0680;SIGNING DATES FROM 20010910 TO 20010911

STCB Information on status: application discontinuation

Free format text: EXPRESSLY ABANDONED -- DURING EXAMINATION