MESSAGE ENCRYPTION SYSTEM AND METHOD
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to message delivery and more specifically to a system and method for message encryption.
2. Related Art
The proliferation of processors and processor-based systems in recent years has led to a tremendous increase in the ability of businesses, industry and individuals to share or otherwise communicate information. Most computers and workstations in today's homes and offices are connected in some manner to another computer or workstation, either locally or remotely. An early form of such inter-connection of computing systems is the local area network (LAN). Using LAN technology, several computers, workstations, peripherals, or other related devices can be connected to share data among one another and to share network resources.
The Internet can be thought of as an extension of local area network technology. The Internet originally began as a communication network through which government researchers, scientists and other personnel could exchange data or other information between offices and facilities throughout the world. Eventually, the Internet became accessible to the public. Initially, the public was slow to embrace the Internet, and it seemed as if the Internet would remain nothing more than a way for a select group of technologists to exchange e-mails
and other data or information. Eventually, however, entrepreneurs who envisioned the growth of the consumer market for Internet services were able to attract a large number of consumers into the fold. As a result, a sort of snowball effect ensued in which more and more consumers became Internet users, and in turn, more and more businesses rushed to get web pages set up on an Internet server. With more businesses offering information, products and services on the Web, more consumers were attracted to the Internet. This cycle rapidly fed on itself virtually creating an explosion on the Internet.
However, the proliferation of the Internet did not stop with simply making web pages available to the Internet users, or web surfers. In the true capitalistic spirit, providers of goods and services began offering enhanced web services as add-on features to their goods and services. Seemingly overnight, entrepreneurs and businesses jumped on to the Internet bandwagon. On top of that, hundreds, if not thousands, of new businesses were created to offer Internet-related services.
However, in spite of this proliferation, there are still shortcomings in Internet-related services. For example, because the Internet is a public or quasi- public network, there are privacy and security concerns associated with exchanging information thereon. Where parties wish to exchange confidential or sensitive information over a public or quasi-public network such as the Internet, they often take steps to encrypt or otherwise secure the contents of the communication.
However, conventional encryption and decryption techniques require a relatively high level of coordination between the sender and recipient. For example, with some conventional encryption/decryption packages, the recipient must load a copy of the appropriate decryption software onto his or her machine in order to decrypt messages from a particular sender. This may be a suitable scenario for certain computer-savvy users. However, where a sender provides
multiple messages to many different users, some of whom may be somewhat unskilled in the world of computing, the prospect of having to provide software to each of the recipients may be less than desirable. This is amplified by considerations that the recipient must successfully install and execute the software, which may present some very real practicality problems. Additionally, where the recipients deal with many different senders, the recipients may need to have several decryption packages installed on their machine. Such solutions are less than ideal.
SUMMARY OF THE INVENTION
The present invention is directed toward a system and method for enabling the transfer of secure messages across a network, such as the Internet or other public, quasi-public or private network. According to another aspect of the invention, a secure reply can be sent from the recipient of the original message to the sender of the original message to ensure the privacy of the reply. The features and advantages of the invention are accomplished according to one or more aspects of the invention that can be implemented individually or collectively in any of a number of different environments or applications in which electronic messaging is used to allow computer users to communicate with one another.
According to one aspect of the invention, password encryption is used to encrypt the body of the message to ensure privacy of the body. According to another aspect of the invention, the password can be created by combining two or more pieces of password information known to or available to both the sender and the recipient. More specifically, according to this aspect, the password can be created by the sender prior to message encryption, and can
also be created by the recipient at the recipient end to allow the recipient to decrypt the message.
According to another aspect of the invention, to facilitate decryption at the recipient's end, a decryption script can be provided along with the encrypted message to the recipient. The decryption script, which comprises executable code such as, for example, JavaScript or other executable code is sent to the recipient along with the message and executed by the recipient's computer when the message is read.
According to another aspect of the invention, a reply encryption script and reply encryption password can also be provided with the message to enable the recipient to create an encrypted reply to the original message.
Preferably, the encryption script and reply password are included with the encrypted body of the original message such that the privacy, security or accuracy of these pieces of information are maintained during transmission of the message to the recipient. These pieces of information can be decrypted by the recipient during the decryption process such that they can be used by the recipient to encrypt a reply.
One advantage that can be obtained from one or more aspects of the invention is that passwords need not be coordinated and set up in advance among the sender and recipient. Instead, using the password information known to or available to both the sender and the recipient to create a password, the password can be created on each end without requiring the set up and exchange of passwords in advance. This advantage can be particularly beneficial in a situation where a sender desires to send a plurality of messages to a plurality of different recipients at different locations. The advantages of not having to coordinate passwords among a large number of recipients are numerous.
Another advantage that can be obtained from one or more aspects of the invention is that decryption software need not be distributed to and installed by recipients of the encrypted message. Because according to one aspect of the invention a decryption script is provided with the encrypted message, this decryption script can be used by the recipient's computer to decrypt the message. In embodiments where the decryption script is somewhat self- executing such as, for example, JavaScript embodiments, execution of the decryption script occurs automatically without the need to install software at the recipient computer. This aspect, too, is particularly advantageous in situations where a sender desires to send encrypted messages to a plurality of recipients at a plurality of different computing locations.
Yet another advantage that can be obtained from one or more aspects of the invention is that the recipient can generate an encrypted reply to the original sender using password information or an encrypted password received from the sender, such that the encrypted reply can be decrypted upon receipt by the original sender. This, too, can yield the advantage that encryption/decryption algorithms and passwords do not need to be coordinated and exchanged among various senders and recipients.
Further features and advantages of the invention in accordance with one or more embodiments are described in detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagram illustrating an example environment in which the invention can be implemented.
FIG. 2 is a functional block diagram illustrating the functionality of one embodiment of the invention.
FIG. 3 is an operational flow diagram illustrating the encryption of a message according to one embodiment of the invention. FIG. 4 is a functional block diagram illustrating message decryption according to one embodiment of the invention.
FIG. 5 is an operational flow diagram illustrating a process for message decryption and encryption of a reply according to one embodiment of the invention. FIG. 6 is a block diagram illustrating an example computer architecture according to one embodiment of the invention.
Detailed Description of the Preferred Embodiments
1. Introduction and Overview
The present invention is directed toward a system and method for enabling the transfer of secure messages across a network, such as the Internet or other public or quasi-public network. According to one aspect, the present invention can provide encryption of messages such as, for example, e- mail messages sent between computer users. According to the invention, one or more features can be provided to ensure the privacy of messages sent to one or more other computer users, as well as privacy in replies received from those users.
According to one aspect of the invention, the message is encrypted, and a decryption script is included with the message sent to the designated recipient. Upon receipt, the recipient executes the decryption script to decrypt the encrypted message. According to another aspect of the invention, the encryption can be a password encryption, and the password used can be created using one or more pieces of information of which the recipient has knowledge. In this embodiment, the recipient is queried to provide this information upon decryption, and this information is used to provide the decryption password. According to yet another aspect of the invention, an encryption script can be included with the message sent such that the recipient can use this encryption script to encrypt a reply.
2. Example Environment
Before describing the invention in detail, it is useful to describe a simple example environment in which the invention can be implemented. One such example environment is a computing network across which two or more network users communicate with one another. Communication networks such as those that would benefit from the features of the present invention, can be implemented in a number of different configurations with a number of different architectures. In fact, as will become apparent to one of ordinary skill in the art after reading this description, implementation of the various features and aspects of the present invention is not dependent on a particular or specific architecture of a communication network or a particular communication interface between one or more computers. However, to facilitate a description of the invention, an example communication network is described with reference to FIG. 1.
Referring now to FIG. 1 , a network 106 provides a vehicle for communication among a plurality of computers 104, 108. Network 106 can be implemented as a LAN or WAN using, for example, common network technology such as Ethernet, SONET, ISDN, or other network technology. In fact, in one embodiment, it is contemplated that network 106 is a quasi-public network, such as, for example, the Internet.
Illustrated in FIG. 1 are two classes of computers: servers 108 and clients 104. This distinction is provided to illustrate that one or more users of network 106 at client workstations 104 may receive or access information from one or more servers 108. In fact, one operational scenario that can be described to set the stage for description of the invention is that in which one or more servers 108 prepare and send confidential messages to one or more users at one or more client workstations 104. Of course, the example
environment can comprise one or more classes of computers in communication with one another, and is not limited to scenarios specifically utilizing "servers" and "clients" as illustrated in FIG. 1.
Although any application may utilize the communication functionality of a network 106, a few example applications are described to better illustrate potential real-world uses for the communication medium. For example, server computers 108 may be computing resources at a bank, credit union, investment brokerage, or other financial institution, and the institution desires to send account information or other confidential information to its various customers at client computers 104 via network 106. The institution may also request that the customer at a client workstation 104 reply to their message via network 106. Replies can include, for example, queries regarding statements received, account manipulation requests by the customer, or any other reply that may be sent from a customer to the institution. Other examples of applications that may wish to communicate confidential proprietary information across network 106 can include, for example, frequent flyer programs; companies that do billing or invoicing or other account processing over network 106; or any other business, institution, or entity desiring to share electronic information with one or more clients or customers across a network such as network 106.
The invention is described herein in terms of this example environment, and more specifically, in terms of a server system 108 creating and sending a secure message to a client system 104. Description in these terms is provided for ease of discussion only. After reading the description herein, it will become apparent to one of ordinary skill in the art that the present invention can be implemented in any of a number of different computing environments where it is desirable to ensure the confidentiality or integrity of message among computing resources.
3. Message Transfer
The present invention provides several features that can be included in one or more computer processing systems such as computer servers or other processing systems that communicate electronic information to one or more other devices. These features can be implemented individually or collectively to help ensure confidentiality in the communication channel. One such feature includes the encryption of messages such as, for example, e-mail messages, sent from a sender to a recipient via a communication network such as network 106.
FIG. 2 is a block diagram illustrating an example functional architecture for the encryption of a message according to one embodiment of the invention. According to the embodiment illustrated in FIG. 2, the encryption utilizes password encryption. As such, the embodiment includes a password creation function 136. According to one embodiment, the password is created utilizing one or more pieces of password information 132 available to server 108. For example, in one embodiment of the invention, password information 132 can include information such as, for example, personal information of the particular customer to whom the message is being sent. Although password information can be defined differently for various applications, password information 132 may include information such as, for example, customer account number or account information; customer personal information such as birth date, Social Security number, mother's maiden name, or other personal information; or other information that may be unique or somewhat unique to the particular customer. Preferably, the password information 132 is available on one or more databases at the server site 108, and is also known to or determinable by the recipient.
The password creation function 136 retrieves one or more pieces of password information 132 from the database and combines these pieces to create a password for the encryption of the message to be sent to the customer. Because in this embodiment the password creation function is using pieces of information known to or available to the recipient, the password can be recreated for decryption at client 104 using information entered by the recipient at the recipient's end.
The content of the message, referred to as the body 134 is provided to encryption engine 138, which performs the encryption. The body of the message 134 can include the sensitive part of the message that the sender desires to be encrypted. In terms of one or more example applications described above, the body might include, for example, a customer account statement or other sensitive information.
As stated, in the illustrated embodiment, the encryption is based on the password created by password creation function 136. In one embodiment, the encryption algorithms used are implemented using, for example, ARCFour (also known as RC4®), or other encryption algorithms, whether they be commercially available or custom created. Note that with some encryption programs, users are prevented from using the same password twice. RC4® is one such algorithm. In such a system, however, an initialization vector can be used and included in the message as would be obvious to one of ordinary skill in the art after reading this disclosure.
Message creation 146 completes the message by appending additional information or materials to the encrypted body. For example, a decryption script 148 is appended, which allows the client 104 to decrypt the message upon receipt. Decryption script 148 can be implemented, for example, as a JavaScript or other executable code that can be executed by client computer 104 upon receipt. One advantage of JavaScript is that it allows execution on a
variety of different client machines and can be optimized for the user's browser. This is particularly useful in applications such as Internet applications.
Also appended can be any desired supplemental information 142 such as, for example, address information like the recipient address (e.g., the "To:" address) for the message. Supplemental information 142 may also include code to allow the recipient computer to prompt the user for password information and to combine the password information to create the decryption password. One example includes an electronic form or forms to be filled out by the recipient requesting password information to be used in creating a decryption password. Another example is JavaScript or other executable code configured to prompt the recipient for password information and to combine the entered password information to derive the decryption password. JavaScript, a form or other password code can be provided as supplemental information or as part of decryption script 148. Additionally, a form can be provided to prompt the recipient for the password information and the decryption script can combine the information to obtain the decryption password.
The combination of the encrypted body along with supplemental information and decryption script 148 results in an encrypted message 150 with an attached decryption script 148. The encrypted message 150, along with decryption script 148 can be sent to the recipient, with at least the body 134 of the message 150 being secure.
As stated above and discussed in more detail below, in one embodiment, provisions can be incorporated to allow the recipient to send a secure reply back to the original sender. As such, in this embodiment, a reply encryption password 140 and a reply encryption script 144 can also be provided to encryption engine 138 for encryption and inclusion with encrypted message 150. Reply encryption password 140 and reply encryption script 144
included with message 150 can be used by the recipient to encrypt a reply message.
FIG. 3 is an operational flow diagram illustrating a process for encrypting and sending a message according to one embodiment of the invention. Referring now to FIG. 3, in a step 204 server 108 builds the message to be sent. More particularly, in this step, server 108 builds body 134 of the message to be sent. As stated above, this message can include, for example, statements, account information, or any other information that the sender desires to remain confidential. In some applications, the process of building message body 134 can be automated such that a computer system at or associated with server 108 automatically generates an electronic version of the content of the message. For example, a bank computer system may automatically generate monthly account statements in electronic form. In the example functional architecture illustrated in FIG. 2, and in accordance with the above-described example application, the step of generating message body 134 can be accomplished by retrieving data from a database135 accessible by server 108 and compiling this data as the body 134 of the message to be sent. Of course, message body 134 can also be created manually, based on user activity or intervention. In a step 206, the password is prepared for encryption of the message.
As stated above, in a preferred embodiment, the password is prepared by combining selected information available to the server in a password information database 132 and can include personal information or other information known to or obtainable by the customer at a client computer 104. Password information database 132 can be one or more databases at or accessible by server 108 that store one or more pieces of password information as they may be defined for a particular application. In a step 208, the prepared password is used to encrypt the message. Because the
password is created using information known to or available to the recipient, he or she can be queried to enter this information upon receipt of the message 150, and the decryption password can be recreated locally at the client computer 104. One advantage of this embodiment is that password encryption can be implemented with institutions or other entities having a large number of customers, clients, or other message recipients, and a unique, or at least unguessable, password can be created for each of these recipients based on password information 132. As such, elaborate schemes for establishing passwords in coordination with each of the various clients, customers, or other recipients need not be implemented.
In a step 210, a decryption script 148 is attached to the message prior to transmission. As stated above, decryption script 148 can be JavaScript or other executable code that can be executed by the recipient's computer 104 upon receipt of encrypted message 150. Although it is not necessary that decryption script 148 be included as an "attachment" per se, in one embodiment, decryption script 148 is included as an attachment to an e-mail message 150. In alternative embodiments, decryption script 148 is attached by otherwise including it with the message being sent. Address and other supplemental information can be included with message 150 and message 150 sent to the recipient as illustrated by steps 212 and 214.
Also, as stated above, an encryption password 140 and reply encryption script 144 can be included in encrypted message 150 to enable the user to send an encrypted reply 164 (see FIG. 4) to the sender. This is illustrated by steps 216 and 218. Preferably, as illustrated in FIGS. 2 and 3, the encryption script 144 and encryption password 140 are encrypted prior to transmission of the message to the recipient. This ensures security of the encryption code 144
and password 140. In one embodiment, encryption script 144 is JavaScript or other executable code that can run on client computer 104, preferably with little or no user intervention. In one embodiment, reply encryption password 140 can be the same as the encryption password used to send the original message from the sender at server 108 to the recipient at client 104. In this embodiment, the password created at the recipient's end by the recipient entering requested password information to decrypt message 150 can also be used to encrypt the reply. As such, a reply encryption password need not be included in message 150. Upon receipt of encrypted message 150, the recipient's computer 104 executes the decryption script 148 to decrypt the received message. FIG. 4 is a block diagram illustrating an example functional architecture for the decryption of a received message 150 and the encryption of a reply message 162 according to one embodiment of the invention. Referring now to FIG. 4, the encrypted message 150 is received, along with decryption script 148.
Message decryption 154 utilizes password data 152 provided by the customer to decrypt the received message.
In embodiments where a reply encryption password 140 and reply encryption script 144 are included in the original message, these can be obtained from the clear message 156 and used in the encryption 160 of a reply message 162 to create and send an encrypted reply 164 to the original sender.
That is, where the reply encryption script 144 and password 140 are encrypted and sent with the original message, they can be obtained when the message is decrypted and used to encrypt a reply, creating encrypted reply 164.
FIG. 5 is an operational flow diagram illustrating a process for decrypting a received message 150 and sending an encrypted reply message 164 according to one embodiment of the invention. In a step 242, encrypted
message 150 is received at client computer 104. As stated above, also received at client computer 104 is decryption script 148 that was attached or otherwise included with the encrypted message 150. The included decryption script 148 is executed to allow the received message to be decrypted. In one embodiment, decryption script 148 is JavaScript that automatically executes when the recipient chooses to read the message.
The decryption script 148 in one embodiment can provide a prompt to the user to enter the password information used to create a password for the decryption. Alternatively, a query for the password information may be provided as supplemental information with the message 150. For example, in one embodiment, an HTML form can be included with the message or as part of decryption script 148, requesting that the user enter the specified password information. This information is then combined to provide a password for decryption of the message. This is illustrated by steps 244 and 246. To list just one example, in one embodiment, the user may be prompted to enter the last four digits of his or her Social Security number, the first five digits of his account number, and his or her birth date. In another example, the user may be asked to enter information that can be obtained by looking at one of his or her previous statements. As will become apparent to one of ordinary skill in the art after reading this description, the particular pieces of information provided above are provided for purposes of description only and as one of ordinary skill in the art would understand, other pieces of information can be used to build the password. In this manner, a variety of different pieces of information commonly known by or available to both the sender and the recipient can be used in unique and different combinations to create passwords for encryption and decryption.
Preferably, in one embodiment enough information is used to create the password such that an unintended recipient would not be able to properly
provide the requested password information. In a preferred embodiment, the password information actually used to create the password does not comprise complete pieces of information. For example, instead of using a customer's complete Social Security Number, the routine may only use part of the number (e.g., the last four digits).
The password is then used by decryption script 148 to decrypt the message in a step 248. In one embodiment, if the wrong password is provided, the recipient may see a message stating such or may simply see garbage or unintelligible characters on the screen. Because the decryption script 148 was provided by the sender with the message 150, there is no need for the recipient to have previously installed a decryption program on his or her machine. Also, where decryption script 148 is self-executing or self-starting, the user need not perform additional steps to begin the decryption process other than provide the requested password information. Furthermore, a specific password does not have to be agreed upon in advance between the sender and recipient to allow the recipient to decode the message. Also, because password information available to the server 108 is used to create a password, there is no need to have a separate password file. As stated above, where a reply to the original sender is required or desired, another aspect of the invention enables encryption of the reply such that it can be decrypted upon receipt by the original sender at server 108. To accomplish this, the reply encryption script 144 and reply password 140 are obtained from the decrypted message 156 sent by the original sender. The encryption script 144 and encryption password 140 are used to encrypt the reply 162 prior to sending the reply to the original sender. This is illustrated by steps 252, 254, 256, and 258.
Because the original sender provided the reply encryption password 140 to the recipient, the original sender can use this password to decrypt the reply. Again, this provides the advantage that the sender and recipient do not need to establish agreed upon passwords in advance, even for encrypted replies. Instead, a password created by the original sender can be provided to the recipient in encrypted message 150 for the recipient to use in generating the encrypted reply 164. Alternatively, the reply can use the same password used to decrypt the message. In yet another alternative, the original sender can include a password creation algorithm in the encrypted message 150 enabling the recipient to create a password based on information known to or available to the recipient. This same information would then be used by the sender when it receives the encrypted reply 164 to create the password for decryption of the encrypted reply 164.
Because a specific and different reply encryption password 140 can be provided for each of a plurality of recipients, the original sender can authenticate a response or a reply received from recipients. That is, if server 108 sends multiple messages to a group of clients 104, it can create and store a unique encryption password 140 for each individual recipient. Thus, each reply from each of these recipients will be encrypted using a unique encryption password. Thus, when the original sender applies the password to decrypt the encrypted reply 164, if the decryption is successful, the message is authenticated as having come from that particular recipient. Further, the password can be created, at least in part, using the recipient's network address or a specific reply address to which the recipient was directed to reply. This ensures a unique reply encryption password, enabling the system to authenticate the reply as coming from the designated customer at a client computer 104. Preferably, the reply address is actually only part, but not all of the information used to create the password.
The various embodiments, aspects and features of the invention described above may be implemented using hardware, software or a combination thereof and may be implemented using a computing system having one or more processors. In fact, in one embodiment, these elements are implemented using a processor-based system capable of carrying out the functionality described with respect thereto. An example processor-based system 502 is shown in FIG. 6 according to one embodiment of the invention. The computer system 502 includes one or more processors, such as processor 504. The processor 504 is connected to a communication bus 506. Various software embodiments are described in terms of this example computer system. The embodiments, features and functionality of the invention as described above are not dependent on a particular computer system or processor architecture or on a particular operating system. In fact, after reading this document, it will become apparent to a person of ordinary skill in the relevant art how to implement the invention using other computer or processor systems and/or architectures.
Processor-based system 502 can include a main memory 508, preferably random access memory (RAM), and can also include a secondary memory 510. The secondary memory 510 can include, for example, a hard disk drive 512 and/or a removable storage drive 514, representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc. The removable storage drive 514 reads from and/or writes to a removable storage medium 518 in a well known manner. Removable storage media 518, represents a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 514.
As will be appreciated, the removable storage media 518 includes a computer usable storage medium having stored therein computer software and/or data. In alternative embodiments, secondary memory 510 may include other similar means for allowing computer programs or other instructions to be loaded into computer system 502. Such means can include, for example, a removable
storage unit 522 and an interface 520. Examples of such can include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an EPROM, or PROM) and associated socket, and other removable storage units 522 and interfaces 520 which allow software and data to be transferred from the removable storage unit 518 to computer system 502.
Computer system 502 can also include a communications interface 524.
Communications interface 524 allows software and data to be transferred between computer system 502 and external devices. Examples of communications interface 524 can include a modem, a network interface (such as, for example, an Ethernet card), a communications port, a PCMCIA slot and card, etc. Software and data transferred via communications interface 524 are in the form of signals which can be electronic, electromagnetic, optical or other signals capable of being received by communications interface 524. These signals are provided to communications interface via a channel 528. This channel 528 carries signals and can be implemented using a wireless medium, wire or cable, fiber optics, or other communications medium. Some examples of a channel can include a phone line, a cellular phone link, an RF link, a network interface, and other communications channels. In this document, the terms "computer program medium" and "computer usable medium" are used to generally refer to media such as removable storage device 518, a disk capable of installation in disk drive 512, and signals on channel 528. These computer program products are means for providing software or program instructions to computer system 502. Computer programs (also called computer control logic) are stored in main memory 508 and/or secondary memory 510. Computer programs can also be received via communications interface 524. Such computer programs, when executed, enable the computer system 502 to perform the features of the present
invention as discussed herein. In particular, the computer programs, when executed, enable the processor 504 to perform the features of the present invention. Accordingly, such computer programs represent controllers of the computer system 502. In an embodiment where the elements are implemented using software, the software may be stored in, or transmitted via, a computer program product and loaded into computer system 502 using removable storage drive 514, hard drive 512 or communications interface 524. The control logic (software), when executed by the processor 504, causes the processor 504 to perform the functions of the invention as described herein.
In another embodiment, the elements are implemented primarily in hardware using, for example, hardware components such as PALs, application specific integrated circuits (ASICs) or other hardware components. Implementation of a hardware state machine so as to perform the functions described herein will be apparent to persons skilled in the relevant art(s). In yet another embodiment, elements are implemented using a combination of both hardware and software.
4. Conclusion While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.