WO2000049786A1 - Message encryption system and method - Google Patents

Publication number
WO2000049786A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
message
recipient
encryption
computer program
Application number
PCT/US2000/003834
Other languages
French (fr)
Inventor
Darren H. New
Original Assignee
Messagemedia, Inc.
Application filed by Messagemedia, Inc.
Priority to AU34913/00A
Publication of WO2000049786A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016 Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/18 Commands or executable codes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/041 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 using an encryption or decryption engine integrated in transmitted data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention relates generally to message delivery and more specifically to a system and method for message encryption.
  • LAN: local area network
  • the Internet can be thought of as an extension of local area network technology.
  • the Internet originally began as a communication network through which government researchers, scientists and other personnel could exchange data or other information between offices and facilities throughout the world.
  • the Internet became accessible to the public.
  • the public was slow to embrace the Internet, and it seemed as if the Internet would remain nothing more than a way for a select group of technologists to exchange e-mails and other data or information.
  • entrepreneurs who envisioned the growth of the consumer market for Internet services were able to attract a large number of consumers into the fold.
  • a sort of snowball effect ensued in which more and more consumers became Internet users, and in turn, more and more businesses rushed to get web pages set up on an Internet server.
  • With more businesses offering information, products and services on the Web, more consumers were attracted to the Internet. This cycle rapidly fed on itself, virtually creating an explosion on the Internet.
  • the present invention is directed toward a system and method for enabling the transfer of secure messages across a network, such as the Internet or other public, quasi-public or private network.
  • a secure reply can be sent from the recipient of the original message to the sender of the original message to ensure the privacy of the reply.
  • password encryption is used to encrypt the body of the message to ensure privacy of the body.
  • the password can be created by combining two or more pieces of password information known to or available to both the sender and the recipient. More specifically, according to this aspect, the password can be created by the sender prior to message encryption, and can also be created by the recipient at the recipient end to allow the recipient to decrypt the message.
  • a decryption script can be provided along with the encrypted message to the recipient.
  • the decryption script which comprises executable code such as, for example, JavaScript or other executable code is sent to the recipient along with the message and executed by the recipient's computer when the message is read.
  • a reply encryption script and reply encryption password can also be provided with the message to enable the recipient to create an encrypted reply to the original message.
  • the encryption script and reply password are included with the encrypted body of the original message such that the privacy, security or accuracy of these pieces of information are maintained during transmission of the message to the recipient.
  • These pieces of information can be decrypted by the recipient during the decryption process such that they can be used by the recipient to encrypt a reply.
  • this decryption script can be used by the recipient's computer to decrypt the message.
  • this decryption script is somewhat self-executing such as, for example, JavaScript embodiments
  • execution of the decryption script occurs automatically without the need to install software at the recipient computer. This aspect, too, is particularly advantageous in situations where a sender desires to send encrypted messages to a plurality of recipients at a plurality of different computing locations.
  • Yet another advantage that can be obtained from one or more aspects of the invention is that the recipient can generate an encrypted reply to the original sender using password information or an encrypted password received from the sender, such that the encrypted reply can be decrypted upon receipt by the original sender.
  • This too, can yield the advantage that encryption/decryption algorithms and passwords do not need to be coordinated and exchanged among various senders and recipients.
  • FIG. 1 is a diagram illustrating an example environment in which the invention can be implemented.
  • FIG. 2 is a functional block diagram illustrating the functionality of one embodiment of the invention.
  • FIG. 3 is an operational flow diagram illustrating the encryption of a message according to one embodiment of the invention.
  • FIG. 4 is a functional block diagram illustrating message decryption according to one embodiment of the invention.
  • FIG. 5 is an operational flow diagram illustrating a process for message decryption and encryption of a reply according to one embodiment of the invention.
  • FIG. 6 is a block diagram illustrating an example computer architecture according to one embodiment of the invention.
  • the present invention is directed toward a system and method for enabling the transfer of secure messages across a network, such as the Internet or other public or quasi-public network.
  • the present invention can provide encryption of messages such as, for example, e-mail messages sent between computer users.
  • one or more features can be provided to ensure the privacy of messages sent to one or more other computer users, as well as privacy in replies received from those users.
  • the message is encrypted, and a decryption script is included with the message sent to the designated recipient. Upon receipt, the recipient executes the decryption script to decrypt the encrypted message.
  • the encryption can be a password encryption, and the password used can be created using one or more pieces of information of which the recipient has knowledge. In this embodiment, the recipient is queried to provide this information upon decryption, and this information is used to provide the decryption password.
  • an encryption script can be included with the message sent such that the recipient can use this encryption script to encrypt a reply.
  • Before describing the invention in detail, it is useful to describe a simple example environment in which the invention can be implemented.
  • One such example environment is a computing network across which two or more network users communicate with one another.
  • Communication networks, such as those that would benefit from the features of the present invention, can be implemented in a number of different configurations with a number of different architectures.
  • implementation of the various features and aspects of the present invention is not dependent on a particular or specific architecture of a communication network or a particular communication interface between one or more computers.
  • An example communication network is described with reference to FIG. 1.
  • a network 106 provides a vehicle for communication among a plurality of computers 104, 108.
  • Network 106 can be implemented as a LAN or WAN using, for example, common network technology such as Ethernet, SONET, ISDN, or other network technology.
  • network 106 is a quasi-public network, such as, for example, the Internet.
  • Illustrated in FIG. 1 are two classes of computers: servers 108 and clients 104. This distinction is provided to illustrate that one or more users of network 106 at client workstations 104 may receive or access information from one or more servers 108. In fact, one operational scenario that can be described to set the stage for description of the invention is that in which one or more servers 108 prepare and send confidential messages to one or more users at one or more client workstations 104.
  • the example environment can comprise one or more classes of computers in communication with one another, and is not limited to scenarios specifically utilizing "servers" and "clients" as illustrated in FIG. 1.
  • server computers 108 may be computing resources at a bank, credit union, investment brokerage, or other financial institution, and the institution desires to send account information or other confidential information to its various customers at client computers 104 via network 106.
  • the institution may also request that the customer at a client workstation 104 reply to their message via network 106.
  • Replies can include, for example, queries regarding statements received, account manipulation requests by the customer, or any other reply that may be sent from a customer to the institution.
  • the present invention provides several features that can be included in one or more computer processing systems such as computer servers or other processing systems that communicate electronic information to one or more other devices. These features can be implemented individually or collectively to help ensure confidentiality in the communication channel.
  • One such feature includes the encryption of messages such as, for example, e-mail messages, sent from a sender to a recipient via a communication network such as network 106.
  • FIG. 2 is a block diagram illustrating an example functional architecture for the encryption of a message according to one embodiment of the invention.
  • the encryption utilizes password encryption.
  • the embodiment includes a password creation function 136.
  • the password is created utilizing one or more pieces of password information 132 available to server 108.
  • password information 132 can include information such as, for example, personal information of the particular customer to whom the message is being sent.
  • Although password information can be defined differently for various applications, password information 132 may include information such as, for example, customer account number or account information; customer personal information such as birth date, Social Security number, mother's maiden name, or other personal information; or other information that may be unique or somewhat unique to the particular customer.
  • the password information 132 is available on one or more databases at the server site 108, and is also known to or determinable by the recipient.
  • the password creation function 136 retrieves one or more pieces of password information 132 from the database and combines these pieces to create a password for the encryption of the message to be sent to the customer. Because in this embodiment the password creation function is using pieces of information known to or available to the recipient, the password can be recreated for decryption at client 104 using information entered by the recipient at the recipient's end.
  • the content of the message referred to as the body 134 is provided to encryption engine 138, which performs the encryption.
  • the body of the message 134 can include the sensitive part of the message that the sender desires to be encrypted.
  • the body might include, for example, a customer account statement or other sensitive information.
  • the encryption is based on the password created by password creation function 136.
  • the encryption algorithms used are implemented using, for example, ARCFour (also known as RC4®), or other encryption algorithms, whether they be commercially available or custom created. Note that with some encryption programs, users are prevented from using the same password twice. RC4® is one such algorithm. In such a system, however, an initialization vector can be used and included in the message as would be obvious to one of ordinary skill in the art after reading this disclosure.
  • Message creation 146 completes the message by appending additional information or materials to the encrypted body.
  • a decryption script 148 is appended, which allows the client 104 to decrypt the message upon receipt.
  • Decryption script 148 can be implemented, for example, as a JavaScript or other executable code that can be executed by client computer 104 upon receipt.
  • One advantage of JavaScript is that it allows execution on a variety of different client machines and can be optimized for the user's browser. This is particularly useful in applications such as Internet applications.
  • Supplemental information 142 may also include code to allow the recipient computer to prompt the user for password information and to combine the password information to create the decryption password.
  • One example includes an electronic form or forms to be filled out by the recipient requesting password information to be used in creating a decryption password.
  • Another example is JavaScript or other executable code configured to prompt the recipient for password information and to combine the entered password information to derive the decryption password.
  • JavaScript, a form or other password code can be provided as supplemental information or as part of decryption script 148.
  • a form can be provided to prompt the recipient for the password information and the decryption script can combine the information to obtain the decryption password.
  • the combination of the encrypted body along with supplemental information and decryption script 148 results in an encrypted message 150 with an attached decryption script 148.
  • the encrypted message 150, along with decryption script 148, can be sent to the recipient, with at least the body 134 of the message 150 being secure.
  • a reply encryption password 140 and a reply encryption script 144 can also be provided to encryption engine 138 for encryption and inclusion with encrypted message 150.
  • Reply encryption password 140 and reply encryption script 144 included with message 150 can be used by the recipient to encrypt a reply message.
  • FIG. 3 is an operational flow diagram illustrating a process for encrypting and sending a message according to one embodiment of the invention.
  • server 108 builds the message to be sent. More particularly, in this step, server 108 builds body 134 of the message to be sent.
  • this message can include, for example, statements, account information, or any other information that the sender desires to remain confidential.
  • the process of building message body 134 can be automated such that a computer system at or associated with server 108 automatically generates an electronic version of the content of the message. For example, a bank computer system may automatically generate monthly account statements in electronic form.
  • the step of generating message body 134 can be accomplished by retrieving data from a database 135 accessible by server 108 and compiling this data as the body 134 of the message to be sent.
  • message body 134 can also be created manually, based on user activity or intervention.
  • the password is prepared for encryption of the message.
  • the password is prepared by combining selected information available to the server in a password information database 132 and can include personal information or other information known to or obtainable by the customer at a client computer 104.
  • Password information database 132 can be one or more databases at or accessible by server 108 that store one or more pieces of password information as they may be defined for a particular application.
  • the prepared password is used to encrypt the message. Because the password is created using information known to or available to the recipient, he or she can be queried to enter this information upon receipt of the message 150, and the decryption password can be recreated locally at the client computer 104.
  • One advantage of this embodiment is that password encryption can be implemented with institutions or other entities having a large number of customers, clients, or other message recipients, and a unique, or at least unguessable, password can be created for each of these recipients based on password information 132. As such, elaborate schemes for establishing passwords in coordination with each of the various clients, customers, or other recipients need not be implemented.
  • a decryption script 148 is attached to the message prior to transmission.
  • decryption script 148 can be JavaScript or other executable code that can be executed by the recipient's computer 104 upon receipt of encrypted message 150.
  • decryption script 148 is included as an attachment to an e-mail message 150.
  • decryption script 148 is attached by otherwise including it with the message being sent. Address and other supplemental information can be included with message 150 and message 150 sent to the recipient as illustrated by steps 212 and 214.
  • an encryption password 140 and reply encryption script 144 can be included in encrypted message 150 to enable the user to send an encrypted reply 164 (see FIG. 4) to the sender. This is illustrated by steps 216 and 218.
  • the encryption script 144 and encryption password 140 are encrypted prior to transmission of the message to the recipient. This ensures security of the encryption code 144 and password 140.
  • encryption script 144 is JavaScript or other executable code that can run on client computer 104, preferably with little or no user intervention.
  • reply encryption password 140 can be the same as the encryption password used to send the original message from the sender at server 108 to the recipient at client 104.
  • FIG. 4 is a block diagram illustrating an example functional architecture for the decryption of a received message 150 and the encryption of a reply message 162 according to one embodiment of the invention. Referring now to FIG. 4, the encrypted message 150 is received, along with decryption script 148.
  • Message decryption 154 utilizes password data 152 provided by the customer to decrypt the received message.
  • Where a reply encryption password 140 and reply encryption script 144 are included in the original message, these can be obtained from the clear message 156 and used in the encryption 160 of a reply message 162 to create and send an encrypted reply 164 to the original sender.
  • Where reply encryption script 144 and password 140 are encrypted and sent with the original message, they can be obtained when the message is decrypted and used to encrypt a reply, creating encrypted reply 164.
  • FIG. 5 is an operational flow diagram illustrating a process for decrypting a received message 150 and sending an encrypted reply message 164 according to one embodiment of the invention.
  • encrypted message 150 is received at client computer 104.
  • Also received at client computer 104 is decryption script 148 that was attached or otherwise included with the encrypted message 150.
  • the included decryption script 148 is executed to allow the received message to be decrypted.
  • decryption script 148 is JavaScript that automatically executes when the recipient chooses to read the message.
  • the decryption script 148 in one embodiment can provide a prompt to the user to enter the password information used to create a password for the decryption.
  • a query for the password information may be provided as supplemental information with the message 150.
  • an HTML form can be included with the message or as part of decryption script 148, requesting that the user enter the specified password information. This information is then combined to provide a password for decryption of the message. This is illustrated by steps 244 and 246.
  • the user may be prompted to enter the last four digits of his or her Social Security number, the first five digits of his account number, and his or her birth date.
  • the user may be asked to enter information that can be obtained by looking at one of his or her previous statements.
  • the particular pieces of information provided above are provided for purposes of description only and as one of ordinary skill in the art would understand, other pieces of information can be used to build the password.
  • a variety of different pieces of information commonly known by or available to both the sender and the recipient can be used in unique and different combinations to create passwords for encryption and decryption.
  • the password information actually used to create the password does not comprise complete pieces of information.
  • the routine may only use part of the number (e.g., the last four digits).
  • the password is then used by decryption script 148 to decrypt the message in a step 248.
  • the recipient may see a message stating such or may simply see garbage or unintelligible characters on the screen. Because the decryption script 148 was provided by the sender with the message 150, there is no need for the recipient to have previously installed a decryption program on his or her machine. Also, where decryption script 148 is self-executing or self-starting, the user need not perform additional steps to begin the decryption process other than provide the requested password information. Furthermore, a specific password does not have to be agreed upon in advance between the sender and recipient to allow the recipient to decode the message.
  • Where password information available to the server 108 is used to create a password, there is no need to have a separate password file.
  • another aspect of the invention enables encryption of the reply such that it can be decrypted upon receipt by the original sender at server 108.
  • the reply encryption script 144 and reply password 140 are obtained from the decrypted message 156 sent by the original sender.
  • the encryption script 144 and encryption password 140 are used to encrypt the reply 162 prior to sending the reply to the original sender. This is illustrated by steps 252, 254, 256, and 258. Because the original sender provided the reply encryption password 140 to the recipient, the original sender can use this password to decrypt the reply.
  • a password created by the original sender can be provided to the recipient in encrypted message 150 for the recipient to use in generating the encrypted reply 164.
  • the reply can use the same password used to decrypt the message.
  • the original sender can include a password creation algorithm in the encrypted message 150 enabling the recipient to create a password based on information known to or available to the recipient. This same information would then be used by the sender when it receives the encrypted reply 164 to create the password for decryption of the encrypted reply 164.
  • the original sender can authenticate a response or a reply received from recipients. That is, if server 108 sends multiple messages to a group of clients 104, it can create and store a unique encryption password 140 for each individual recipient. Thus, each reply from each of these recipients will be encrypted using a unique encryption password. Thus, when the original sender applies the password to decrypt the encrypted reply 164, if the decryption is successful, the message is authenticated as having come from that particular recipient. Further, the password can be created, at least in part, using the recipient's network address or a specific reply address to which the recipient was directed to reply.
  • the various embodiments, aspects and features of the invention described above may be implemented using hardware, software or a combination thereof and may be implemented using a computing system having one or more processors. In fact, in one embodiment, these elements are implemented using a processor-based system capable of carrying out the functionality described with respect thereto.
  • An example processor-based system 502 is shown in FIG. 6 according to one embodiment of the invention.
  • The computer system 502 includes one or more processors, such as processor 504.
  • The processor 504 is connected to a communication bus 506.
  • Processor-based system 502 can include a main memory 508, preferably random access memory (RAM), and can also include a secondary memory 510.
  • The secondary memory 510 can include, for example, a hard disk drive 512 and/or a removable storage drive 514, representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc.
  • The removable storage drive 514 reads from and/or writes to a removable storage medium 518 in a well known manner.
  • Removable storage media 518 represents a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 514.
  • The removable storage media 518 includes a computer usable storage medium having stored therein computer software and/or data.
  • Secondary memory 510 may include other similar means for allowing computer programs or other instructions to be loaded into computer system 502.
  • Such means can include, for example, a removable storage unit 522 and an interface 520. Examples of such can include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an EPROM, or PROM) and associated socket, and other removable storage units 522 and interfaces 520 which allow software and data to be transferred from the removable storage unit 518 to computer system 502.
  • Computer system 502 can also include a communications interface 524.
  • Communications interface 524 allows software and data to be transferred between computer system 502 and external devices.
  • Communications interface 524 can include a modem, a network interface (such as, for example, an Ethernet card), a communications port, a PCMCIA slot and card, etc.
  • Software and data transferred via communications interface 524 are in the form of signals which can be electronic, electromagnetic, optical or other signals capable of being received by communications interface 524. These signals are provided to communications interface via a channel 528.
  • This channel 528 carries signals and can be implemented using a wireless medium, wire or cable, fiber optics, or other communications medium.
  • Some examples of a channel can include a phone line, a cellular phone link, an RF link, a network interface, and other communications channels.
  • “Computer program medium” and “computer usable medium” are used to generally refer to media such as removable storage device 518, a disk capable of installation in disk drive 512, and signals on channel 528.
  • These computer program products are means for providing software or program instructions to computer system 502.
  • Computer programs also called computer control logic
  • Computer programs are stored in main memory 508 and/or secondary memory 510.
  • Computer programs can also be received via communications interface 524.
  • Such computer programs when executed, enable the computer system 502 to perform the features of the present invention as discussed herein.
  • The computer programs, when executed, enable the processor 504 to perform the features of the present invention. Accordingly, such computer programs represent controllers of the computer system 502.
  • The software may be stored in, or transmitted via, a computer program product and loaded into computer system 502 using removable storage drive 514, hard drive 512 or communications interface 524.
  • The control logic, when executed by the processor 504, causes the processor 504 to perform the functions of the invention as described herein.
  • The elements are implemented primarily in hardware using, for example, hardware components such as PALs, application specific integrated circuits (ASICs) or other hardware components. Implementation of a hardware state machine so as to perform the functions described herein will be apparent to persons skilled in the relevant art(s). In yet another embodiment, elements are implemented using a combination of both hardware and software.

Abstract

According to one aspect of the invention, a message is encrypted, and a decryption script is included with the message sent to a designated recipient. Upon receipt, the recipient executes the decryption script to decrypt the encrypted message. According to another aspect of the invention, the encryption can be a password encryption, and the password used can be created using one or more pieces of information of which the recipient has knowledge. In this embodiment, the recipient is queried to provide this information upon decryption, and this information is used to provide the decryption password. According to another aspect of the invention, an encryption script can be included with the message sent such that the recipient can use this encryption script to encrypt a reply.

Description

MESSAGE ENCRYPTION SYSTEM AND METHOD
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to message delivery and more specifically to a system and method for message encryption.
2. Related Art
The proliferation of processors and processor-based systems in recent years has led to a tremendous increase in the ability of businesses, industry and individuals to share or otherwise communicate information. Most computers and workstations in today's homes and offices are connected in some manner to another computer or workstation, either locally or remotely. An early form of such inter-connection of computing systems is the local area network (LAN). Using LAN technology, several computers, workstations, peripherals, or other related devices can be connected to share data among one another and to share network resources.
The Internet can be thought of as an extension of local area network technology. The Internet originally began as a communication network through which government researchers, scientists and other personnel could exchange data or other information between offices and facilities throughout the world. Eventually, the Internet became accessible to the public. Initially, the public was slow to embrace the Internet, and it seemed as if the Internet would remain nothing more than a way for a select group of technologists to exchange e-mails and other data or information. Eventually, however, entrepreneurs who envisioned the growth of the consumer market for Internet services were able to attract a large number of consumers into the fold. As a result, a sort of snowball effect ensued in which more and more consumers became Internet users, and in turn, more and more businesses rushed to get web pages set up on an Internet server. With more businesses offering information, products and services on the Web, more consumers were attracted to the Internet. This cycle rapidly fed on itself virtually creating an explosion on the Internet.
However, the proliferation of the Internet did not stop with simply making web pages available to the Internet users, or web surfers. In the true capitalistic spirit, providers of goods and services began offering enhanced web services as add-on features to their goods and services. Seemingly overnight, entrepreneurs and businesses jumped on to the Internet bandwagon. On top of that, hundreds, if not thousands, of new businesses were created to offer Internet-related services.
However, in spite of this proliferation, there are still shortcomings in Internet-related services. For example, because the Internet is a public or quasi-public network, there are privacy and security concerns associated with exchanging information thereon. Where parties wish to exchange confidential or sensitive information over a public or quasi-public network such as the Internet, they often take steps to encrypt or otherwise secure the contents of the communication.
However, conventional encryption and decryption techniques require a relatively high level of coordination between the sender and recipient. For example, with some conventional encryption/decryption packages, the recipient must load a copy of the appropriate decryption software onto his or her machine in order to decrypt messages from a particular sender. This may be a suitable scenario for certain computer-savvy users. However, where a sender provides multiple messages to many different users, some of whom may be somewhat unskilled in the world of computing, the prospect of having to provide software to each of the recipients may be less than desirable. This is amplified by considerations that the recipient must successfully install and execute the software, which may present some very real practicality problems. Additionally, where the recipients deal with many different senders, the recipients may need to have several decryption packages installed on their machine. Such solutions are less than ideal.
SUMMARY OF THE INVENTION
The present invention is directed toward a system and method for enabling the transfer of secure messages across a network, such as the Internet or other public, quasi-public or private network. According to another aspect of the invention, a secure reply can be sent from the recipient of the original message to the sender of the original message to ensure the privacy of the reply. The features and advantages of the invention are accomplished according to one or more aspects of the invention that can be implemented individually or collectively in any of a number of different environments or applications in which electronic messaging is used to allow computer users to communicate with one another.
According to one aspect of the invention, password encryption is used to encrypt the body of the message to ensure privacy of the body. According to another aspect of the invention, the password can be created by combining two or more pieces of password information known to or available to both the sender and the recipient. More specifically, according to this aspect, the password can be created by the sender prior to message encryption, and can also be created by the recipient at the recipient end to allow the recipient to decrypt the message.
According to another aspect of the invention, to facilitate decryption at the recipient's end, a decryption script can be provided along with the encrypted message to the recipient. The decryption script, which comprises executable code such as, for example, JavaScript or other executable code, is sent to the recipient along with the message and executed by the recipient's computer when the message is read.
According to another aspect of the invention, a reply encryption script and reply encryption password can also be provided with the message to enable the recipient to create an encrypted reply to the original message.
Preferably, the encryption script and reply password are included with the encrypted body of the original message such that the privacy, security or accuracy of these pieces of information are maintained during transmission of the message to the recipient. These pieces of information can be decrypted by the recipient during the decryption process such that they can be used by the recipient to encrypt a reply.
One advantage that can be obtained from one or more aspects of the invention is that passwords need not be coordinated and set up in advance among the sender and recipient. Instead, using the password information known to or available to both the sender and the recipient to create a password, the password can be created on each end without requiring the set up and exchange of passwords in advance. This advantage can be particularly beneficial in a situation where a sender desires to send a plurality of messages to a plurality of different recipients at different locations. The advantages of not having to coordinate passwords among a large number of recipients are numerous.
Another advantage that can be obtained from one or more aspects of the invention is that decryption software need not be distributed to and installed by recipients of the encrypted message. Because according to one aspect of the invention a decryption script is provided with the encrypted message, this decryption script can be used by the recipient's computer to decrypt the message. In embodiments where the decryption script is somewhat self-executing such as, for example, JavaScript embodiments, execution of the decryption script occurs automatically without the need to install software at the recipient computer. This aspect, too, is particularly advantageous in situations where a sender desires to send encrypted messages to a plurality of recipients at a plurality of different computing locations.
Yet another advantage that can be obtained from one or more aspects of the invention is that the recipient can generate an encrypted reply to the original sender using password information or an encrypted password received from the sender, such that the encrypted reply can be decrypted upon receipt by the original sender. This, too, can yield the advantage that encryption/decryption algorithms and passwords do not need to be coordinated and exchanged among various senders and recipients.
Further features and advantages of the invention in accordance with one or more embodiments are described in detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagram illustrating an example environment in which the invention can be implemented.
FIG. 2 is a functional block diagram illustrating the functionality of one embodiment of the invention.
FIG. 3 is an operational flow diagram illustrating the encryption of a message according to one embodiment of the invention.
FIG. 4 is a functional block diagram illustrating message decryption according to one embodiment of the invention.
FIG. 5 is an operational flow diagram illustrating a process for message decryption and encryption of a reply according to one embodiment of the invention.
FIG. 6 is a block diagram illustrating an example computer architecture according to one embodiment of the invention.
Detailed Description of the Preferred Embodiments
1. Introduction and Overview
The present invention is directed toward a system and method for enabling the transfer of secure messages across a network, such as the Internet or other public or quasi-public network. According to one aspect, the present invention can provide encryption of messages such as, for example, e-mail messages sent between computer users. According to the invention, one or more features can be provided to ensure the privacy of messages sent to one or more other computer users, as well as privacy in replies received from those users.
According to one aspect of the invention, the message is encrypted, and a decryption script is included with the message sent to the designated recipient. Upon receipt, the recipient executes the decryption script to decrypt the encrypted message. According to another aspect of the invention, the encryption can be a password encryption, and the password used can be created using one or more pieces of information of which the recipient has knowledge. In this embodiment, the recipient is queried to provide this information upon decryption, and this information is used to provide the decryption password. According to yet another aspect of the invention, an encryption script can be included with the message sent such that the recipient can use this encryption script to encrypt a reply.
2. Example Environment
Before describing the invention in detail, it is useful to describe a simple example environment in which the invention can be implemented. One such example environment is a computing network across which two or more network users communicate with one another. Communication networks such as those that would benefit from the features of the present invention, can be implemented in a number of different configurations with a number of different architectures. In fact, as will become apparent to one of ordinary skill in the art after reading this description, implementation of the various features and aspects of the present invention is not dependent on a particular or specific architecture of a communication network or a particular communication interface between one or more computers. However, to facilitate a description of the invention, an example communication network is described with reference to FIG. 1.
Referring now to FIG. 1, a network 106 provides a vehicle for communication among a plurality of computers 104, 108. Network 106 can be implemented as a LAN or WAN using, for example, common network technology such as Ethernet, SONET, ISDN, or other network technology. In fact, in one embodiment, it is contemplated that network 106 is a quasi-public network, such as, for example, the Internet.
Illustrated in FIG. 1 are two classes of computers: servers 108 and clients 104. This distinction is provided to illustrate that one or more users of network 106 at client workstations 104 may receive or access information from one or more servers 108. In fact, one operational scenario that can be described to set the stage for description of the invention is that in which one or more servers 108 prepare and send confidential messages to one or more users at one or more client workstations 104. Of course, the example environment can comprise one or more classes of computers in communication with one another, and is not limited to scenarios specifically utilizing "servers" and "clients" as illustrated in FIG. 1.
Although any application may utilize the communication functionality of a network 106, a few example applications are described to better illustrate potential real-world uses for the communication medium. For example, server computers 108 may be computing resources at a bank, credit union, investment brokerage, or other financial institution, and the institution desires to send account information or other confidential information to its various customers at client computers 104 via network 106. The institution may also request that the customer at a client workstation 104 reply to their message via network 106. Replies can include, for example, queries regarding statements received, account manipulation requests by the customer, or any other reply that may be sent from a customer to the institution. Other examples of applications that may wish to communicate confidential proprietary information across network 106 can include, for example, frequent flyer programs; companies that do billing or invoicing or other account processing over network 106; or any other business, institution, or entity desiring to share electronic information with one or more clients or customers across a network such as network 106.
The invention is described herein in terms of this example environment, and more specifically, in terms of a server system 108 creating and sending a secure message to a client system 104. Description in these terms is provided for ease of discussion only. After reading the description herein, it will become apparent to one of ordinary skill in the art that the present invention can be implemented in any of a number of different computing environments where it is desirable to ensure the confidentiality or integrity of messages among computing resources.
3. Message Transfer
The present invention provides several features that can be included in one or more computer processing systems such as computer servers or other processing systems that communicate electronic information to one or more other devices. These features can be implemented individually or collectively to help ensure confidentiality in the communication channel. One such feature includes the encryption of messages such as, for example, e-mail messages, sent from a sender to a recipient via a communication network such as network 106.
FIG. 2 is a block diagram illustrating an example functional architecture for the encryption of a message according to one embodiment of the invention. According to the embodiment illustrated in FIG. 2, the encryption utilizes password encryption. As such, the embodiment includes a password creation function 136. According to one embodiment, the password is created utilizing one or more pieces of password information 132 available to server 108. For example, in one embodiment of the invention, password information 132 can include information such as, for example, personal information of the particular customer to whom the message is being sent. Although password information can be defined differently for various applications, password information 132 may include information such as, for example, customer account number or account information; customer personal information such as birth date, Social Security number, mother's maiden name, or other personal information; or other information that may be unique or somewhat unique to the particular customer. Preferably, the password information 132 is available on one or more databases at the server site 108, and is also known to or determinable by the recipient. The password creation function 136 retrieves one or more pieces of password information 132 from the database and combines these pieces to create a password for the encryption of the message to be sent to the customer. Because in this embodiment the password creation function is using pieces of information known to or available to the recipient, the password can be recreated for decryption at client 104 using information entered by the recipient at the recipient's end.
The content of the message, referred to as the body 134, is provided to encryption engine 138, which performs the encryption. The body of the message 134 can include the sensitive part of the message that the sender desires to be encrypted. In terms of one or more example applications described above, the body might include, for example, a customer account statement or other sensitive information.
As stated, in the illustrated embodiment, the encryption is based on the password created by password creation function 136. In one embodiment, the encryption algorithms used are implemented using, for example, ARCFour (also known as RC4®), or other encryption algorithms, whether they be commercially available or custom created. Note that with some encryption programs, users are prevented from using the same password twice. RC4® is one such algorithm. In such a system, however, an initialization vector can be used and included in the message as would be obvious to one of ordinary skill in the art after reading this disclosure.
Message creation 146 completes the message by appending additional information or materials to the encrypted body. For example, a decryption script 148 is appended, which allows the client 104 to decrypt the message upon receipt. Decryption script 148 can be implemented, for example, as a JavaScript or other executable code that can be executed by client computer 104 upon receipt. One advantage of JavaScript is that it allows execution on a variety of different client machines and can be optimized for the user's browser. This is particularly useful in applications such as Internet applications.
Also appended can be any desired supplemental information 142 such as, for example, address information like the recipient address (e.g., the "To:" address) for the message. Supplemental information 142 may also include code to allow the recipient computer to prompt the user for password information and to combine the password information to create the decryption password. One example includes an electronic form or forms to be filled out by the recipient requesting password information to be used in creating a decryption password. Another example is JavaScript or other executable code configured to prompt the recipient for password information and to combine the entered password information to derive the decryption password. JavaScript, a form or other password code can be provided as supplemental information or as part of decryption script 148. Additionally, a form can be provided to prompt the recipient for the password information and the decryption script can combine the information to obtain the decryption password.
The combination of the encrypted body along with supplemental information and decryption script 148 results in an encrypted message 150 with an attached decryption script 148. The encrypted message 150, along with decryption script 148 can be sent to the recipient, with at least the body 134 of the message 150 being secure.
As stated above and discussed in more detail below, in one embodiment, provisions can be incorporated to allow the recipient to send a secure reply back to the original sender. As such, in this embodiment, a reply encryption password 140 and a reply encryption script 144 can also be provided to encryption engine 138 for encryption and inclusion with encrypted message 150. Reply encryption password 140 and reply encryption script 144 included with message 150 can be used by the recipient to encrypt a reply message.
FIG. 3 is an operational flow diagram illustrating a process for encrypting and sending a message according to one embodiment of the invention. Referring now to FIG. 3, in a step 204 server 108 builds the message to be sent. More particularly, in this step, server 108 builds body 134 of the message to be sent. As stated above, this message can include, for example, statements, account information, or any other information that the sender desires to remain confidential. In some applications, the process of building message body 134 can be automated such that a computer system at or associated with server 108 automatically generates an electronic version of the content of the message. For example, a bank computer system may automatically generate monthly account statements in electronic form. In the example functional architecture illustrated in FIG. 2, and in accordance with the above-described example application, the step of generating message body 134 can be accomplished by retrieving data from a database 135 accessible by server 108 and compiling this data as the body 134 of the message to be sent. Of course, message body 134 can also be created manually, based on user activity or intervention. In a step 206, the password is prepared for encryption of the message.
As stated above, in a preferred embodiment, the password is prepared by combining selected information available to the server in a password information database 132 and can include personal information or other information known to or obtainable by the customer at a client computer 104. Password information database 132 can be one or more databases at or accessible by server 108 that store one or more pieces of password information as they may be defined for a particular application. In a step 208, the prepared password is used to encrypt the message. Because the password is created using information known to or available to the recipient, he or she can be queried to enter this information upon receipt of the message 150, and the decryption password can be recreated locally at the client computer 104. One advantage of this embodiment is that password encryption can be implemented with institutions or other entities having a large number of customers, clients, or other message recipients, and a unique, or at least unguessable, password can be created for each of these recipients based on password information 132. As such, elaborate schemes for establishing passwords in coordination with each of the various clients, customers, or other recipients need not be implemented.
In a step 210, a decryption script 148 is attached to the message prior to transmission. As stated above, decryption script 148 can be JavaScript or other executable code that can be executed by the recipient's computer 104 upon receipt of encrypted message 150. Although it is not necessary that decryption script 148 be included as an "attachment" per se, in one embodiment, decryption script 148 is included as an attachment to an e-mail message 150. In alternative embodiments, decryption script 148 is attached by otherwise including it with the message being sent. Address and other supplemental information can be included with message 150 and message 150 sent to the recipient as illustrated by steps 212 and 214.
Also, as stated above, an encryption password 140 and reply encryption script 144 can be included in encrypted message 150 to enable the user to send an encrypted reply 164 (see FIG. 4) to the sender. This is illustrated by steps 216 and 218. Preferably, as illustrated in FIGS. 2 and 3, the encryption script 144 and encryption password 140 are encrypted prior to transmission of the message to the recipient. This ensures security of the encryption code 144 and password 140. In one embodiment, encryption script 144 is JavaScript or other executable code that can run on client computer 104, preferably with little or no user intervention. In one embodiment, reply encryption password 140 can be the same as the encryption password used to send the original message from the sender at server 108 to the recipient at client 104. In this embodiment, the password created at the recipient's end by the recipient entering requested password information to decrypt message 150 can also be used to encrypt the reply. As such, a reply encryption password need not be included in message 150.
Upon receipt of encrypted message 150, the recipient's computer 104 executes the decryption script 148 to decrypt the received message. FIG. 4 is a block diagram illustrating an example functional architecture for the decryption of a received message 150 and the encryption of a reply message 162 according to one embodiment of the invention. Referring now to FIG. 4, the encrypted message 150 is received, along with decryption script 148.
Message decryption 154 utilizes password data 152 provided by the customer to decrypt the received message.
In embodiments where a reply encryption password 140 and reply encryption script 144 are included in the original message, these can be obtained from the clear message 156 and used in the encryption 160 of a reply message 162 to create and send an encrypted reply 164 to the original sender.
That is, where the reply encryption script 144 and password 140 are encrypted and sent with the original message, they can be obtained when the message is decrypted and used to encrypt a reply, creating encrypted reply 164.
FIG. 5 is an operational flow diagram illustrating a process for decrypting a received message 150 and sending an encrypted reply message 164 according to one embodiment of the invention. In a step 242, encrypted message 150 is received at client computer 104. As stated above, also received at client computer 104 is decryption script 148 that was attached or otherwise included with the encrypted message 150. The included decryption script 148 is executed to allow the received message to be decrypted. In one embodiment, decryption script 148 is JavaScript that automatically executes when the recipient chooses to read the message.
The decryption script 148 in one embodiment can provide a prompt to the user to enter the password information used to create a password for the decryption. Alternatively, a query for the password information may be provided as supplemental information with the message 150. For example, in one embodiment, an HTML form can be included with the message or as part of decryption script 148, requesting that the user enter the specified password information. This information is then combined to provide a password for decryption of the message. This is illustrated by steps 244 and 246. To list just one example, in one embodiment, the user may be prompted to enter the last four digits of his or her Social Security number, the first five digits of his account number, and his or her birth date. In another example, the user may be asked to enter information that can be obtained by looking at one of his or her previous statements. As will become apparent to one of ordinary skill in the art after reading this description, the particular pieces of information provided above are provided for purposes of description only and as one of ordinary skill in the art would understand, other pieces of information can be used to build the password. In this manner, a variety of different pieces of information commonly known by or available to both the sender and the recipient can be used in unique and different combinations to create passwords for encryption and decryption.
Preferably, in one embodiment enough information is used to create the password such that an unintended recipient would not be able to properly provide the requested password information. In a preferred embodiment, the password information actually used to create the password does not comprise complete pieces of information. For example, instead of using a customer's complete Social Security Number, the routine may only use part of the number (e.g., the last four digits).
The password is then used by decryption script 148 to decrypt the message in a step 248. In one embodiment, if the wrong password is provided, the recipient may see a message stating such or may simply see garbage or unintelligible characters on the screen. Because the decryption script 148 was provided by the sender with the message 150, there is no need for the recipient to have previously installed a decryption program on his or her machine. Also, where decryption script 148 is self-executing or self-starting, the user need not perform additional steps to begin the decryption process other than provide the requested password information. Furthermore, a specific password does not have to be agreed upon in advance between the sender and recipient to allow the recipient to decode the message. Also, because password information available to the server 108 is used to create a password, there is no need to have a separate password file.
As stated above, where a reply to the original sender is required or desired, another aspect of the invention enables encryption of the reply such that it can be decrypted upon receipt by the original sender at server 108. To accomplish this, the reply encryption script 144 and reply password 140 are obtained from the decrypted message 156 sent by the original sender. The encryption script 144 and encryption password 140 are used to encrypt the reply 162 prior to sending the reply to the original sender. This is illustrated by steps 252, 254, 256, and 258. Because the original sender provided the reply encryption password 140 to the recipient, the original sender can use this password to decrypt the reply. Again, this provides the advantage that the sender and recipient do not need to establish agreed upon passwords in advance, even for encrypted replies. Instead, a password created by the original sender can be provided to the recipient in encrypted message 150 for the recipient to use in generating the encrypted reply 164.
Alternatively, the reply can use the same password used to decrypt the message. In yet another alternative, the original sender can include a password creation algorithm in the encrypted message 150 enabling the recipient to create a password based on information known to or available to the recipient. This same information would then be used by the sender when it receives the encrypted reply 164 to create the password for decryption of the encrypted reply 164.
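The FIG. 5 flow, sketched as an added example that is not code from the patent: the sender builds the password from database fields, the recipient rebuilds it from prompted answers, and a reply is accepted only if it verifies under the secret issued to that one recipient. scrypt, AES-256-GCM, all function and field names, and the sample record are assumptions; the patent names no cipher, and the authentication tag is what makes "decryption succeeded" a checkable condition rather than a matter of whether the output looks like garbage.

```javascript
// Added illustration, not code from the patent. scrypt and AES-256-GCM are
// assumed choices; the patent names no KDF or cipher.
const nodeCrypto = require('node:crypto');

// Join the password-information fields in a fixed order with a separator that
// cannot occur in the answers, so ("12","3") and ("1","23") give different
// passwords, then stretch the low-entropy result with scrypt.
function deriveKey(fields, salt) {
  const password = fields.map((f) => String(f).trim()).join('\u001f');
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Authenticated encryption: `context` is bound to the ciphertext as AAD.
function seal(key, plaintext, context) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key, context or ciphertext is wrong.
// The tag check replaces "the reader sees garbage" with an explicit failure.
function open(key, box, context) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
    d.setAAD(Buffer.from(context, 'utf8'));
    d.setAuthTag(box.tag);
    return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Server side (108): reply address -> secret issued to that one recipient.
const replySecrets = new Map();

// Sender: build the password from database fields, issue a unique reply
// secret, and carry it inside the encrypted body.
function buildMessage(record, body) {
  const salt = nodeCrypto.randomBytes(16);
  const key = deriveKey([record.ssnLast4, record.accountFirst5, record.birthDate], salt);
  const replySecret = nodeCrypto.randomBytes(32).toString('hex');
  replySecrets.set(record.replyAddress, replySecret);
  const inner = JSON.stringify({ body, replyAddress: record.replyAddress, replySecret });
  return { salt, box: seal(key, inner, 'message') };
}

// Recipient side (104): the prompted answers rebuild the same password.
function readMessage(message, answers) {
  const inner = open(deriveKey(answers, message.salt), message.box, 'message');
  return inner === null ? null : JSON.parse(inner);
}

// Recipient side: encrypt the reply under the secret found in the message.
// The reply address is part, but not all, of the key material.
function buildReply(opened, text) {
  const salt = nodeCrypto.randomBytes(16);
  const key = deriveKey([opened.replyAddress, opened.replySecret], salt);
  return { to: opened.replyAddress, salt, box: seal(key, text, opened.replyAddress) };
}

// Server side: a reply is attributed to a recipient only if it verifies under
// the secret stored for the address it arrived at.
function authenticateReply(reply) {
  const secret = replySecrets.get(reply.to);
  if (secret === undefined) return null;
  const text = open(deriveKey([reply.to, secret], reply.salt), reply.box, reply.to);
  return text === null ? null : { from: reply.to, text };
}

// Constructed sample record; every value is made up.
const sampleRecord = {
  ssnLast4: '1234', accountFirst5: '98765', birthDate: '1970-01-31',
  replyAddress: 'reply-7f3a@example.invalid',
};
const sampleMessage = buildMessage(sampleRecord, 'Your statement is ready.');
const sampleOpened = readMessage(sampleMessage, ['1234', '98765', '1970-01-31']);
console.log(sampleOpened.body);
console.log(authenticateReply(buildReply(sampleOpened, 'Please call me.')));
console.log(readMessage(sampleMessage, ['1234', '98765', '1970-02-01'])); // null
```

Sender and recipient must canonicalise each answer identically (for example one date format), or a correct answer derives a different key and is rejected.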
Because a specific and different reply encryption password 140 can be provided for each of a plurality of recipients, the original sender can authenticate a response or a reply received from recipients. That is, if server 108 sends multiple messages to a group of clients 104, it can create and store a unique encryption password 140 for each individual recipient. Thus, each reply from each of these recipients will be encrypted using a unique encryption password. Thus, when the original sender applies the password to decrypt the encrypted reply 164, if the decryption is successful, the message is authenticated as having come from that particular recipient. Further, the password can be created, at least in part, using the recipient's network address or a specific reply address to which the recipient was directed to reply. This ensures a unique reply encryption password, enabling the system to authenticate the reply as coming from the designated customer at a client computer 104. Preferably, the reply address is actually only part, but not all of the information used to create the password.
The various embodiments, aspects and features of the invention described above may be implemented using hardware, software or a combination thereof and may be implemented using a computing system having one or more processors. In fact, in one embodiment, these elements are implemented using a processor-based system capable of carrying out the functionality described with respect thereto. An example processor-based system 502 is shown in FIG. 6 according to one embodiment of the invention. The computer system 502 includes one or more processors, such as processor 504. The processor 504 is connected to a communication bus 506. Various software embodiments are described in terms of this example computer system.
The embodiments, features and functionality of the invention as described above are not dependent on a particular computer system or processor architecture or on a particular operating system. In fact, after reading this document, it will become apparent to a person of ordinary skill in the relevant art how to implement the invention using other computer or processor systems and/or architectures.
Processor-based system 502 can include a main memory 508, preferably random access memory (RAM), and can also include a secondary memory 510. The secondary memory 510 can include, for example, a hard disk drive 512 and/or a removable storage drive 514, representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc. The removable storage drive 514 reads from and/or writes to a removable storage medium 518 in a well known manner. Removable storage media 518 represents a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 514.
As will be appreciated, the removable storage media 518 includes a computer usable storage medium having stored therein computer software and/or data. In alternative embodiments, secondary memory 510 may include other similar means for allowing computer programs or other instructions to be loaded into computer system 502. Such means can include, for example, a removable storage unit 522 and an interface 520. Examples of such can include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an EPROM, or PROM) and associated socket, and other removable storage units 522 and interfaces 520 which allow software and data to be transferred from the removable storage unit 518 to computer system 502.
Computer system 502 can also include a communications interface 524. Communications interface 524 allows software and data to be transferred between computer system 502 and external devices. Examples of communications interface 524 can include a modem, a network interface (such as, for example, an Ethernet card), a communications port, a PCMCIA slot and card, etc. Software and data transferred via communications interface 524 are in the form of signals which can be electronic, electromagnetic, optical or other signals capable of being received by communications interface 524. These signals are provided to communications interface via a channel 528. This channel 528 carries signals and can be implemented using a wireless medium, wire or cable, fiber optics, or other communications medium. Some examples of a channel can include a phone line, a cellular phone link, an RF link, a network interface, and other communications channels.
In this document, the terms "computer program medium" and "computer usable medium" are used to generally refer to media such as removable storage device 518, a disk capable of installation in disk drive 512, and signals on channel 528. These computer program products are means for providing software or program instructions to computer system 502. Computer programs (also called computer control logic) are stored in main memory 508 and/or secondary memory 510. Computer programs can also be received via communications interface 524. Such computer programs, when executed, enable the computer system 502 to perform the features of the present invention as discussed herein. In particular, the computer programs, when executed, enable the processor 504 to perform the features of the present invention. Accordingly, such computer programs represent controllers of the computer system 502.
In an embodiment where the elements are implemented using software, the software may be stored in, or transmitted via, a computer program product and loaded into computer system 502 using removable storage drive 514, hard drive 512 or communications interface 524. The control logic (software), when executed by the processor 504, causes the processor 504 to perform the functions of the invention as described herein.
In another embodiment, the elements are implemented primarily in hardware using, for example, hardware components such as PALs, application specific integrated circuits (ASICs) or other hardware components. Implementation of a hardware state machine so as to perform the functions described herein will be apparent to persons skilled in the relevant art(s). In yet another embodiment, elements are implemented using a combination of both hardware and software.
4. Conclusion
While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.

Claims

What is Claimed is:
1. A computer system configured to send secure electronic messages to one or more recipients, comprising: an electronic database including password information, wherein said password information comprises information known to or available to both the sender and the recipient of a message; a processor; and computer program code means executable on said processor, said computer program code means including computer program code logic configured to retrieve password information from said database and combine said retrieved password information to create an encryption password; computer program code logic configured to encrypt a body of said electronic message using said encryption password, thereby creating an encrypted electronic message; computer program code logic configured to attach a decryption script to said encrypted electronic message and to send said encrypted electronic message and decryption script to the recipient; and computer program code logic configured to attach password code to said encrypted electronic message to prompt the recipient for said password information and to combine said password information to create a decryption password; wherein said decryption script is configured to execute at a recipient computer and decrypt said encrypted message using said decryption password, and wherein no advance agreement regarding password information between the sender and recipient is required.
2. The computer system of claim 1, wherein said computer program code means further includes computer program code logic configured to include an encryption script with said message body, wherein said encryption script enables said recipient computer to encrypt a reply to said encrypted message.
3. The computer system of claim 2, wherein said computer program code means further includes computer program code logic configured to encrypt said encryption script prior to transmission with said encrypted message.
4. The computer system of claim 2, wherein said computer program code means further includes computer program code logic configured to provide an encryption password with said encryption script.
5. The computer system of claim 2, wherein a password used to encrypt a reply message is the same password used by the recipient computer to decrypt said encrypted message.
6. The computer system of claim 1, wherein said decryption script is coded in the JavaScript language.
7. The computer system of claim 1, wherein said computer system is a server computer and said recipient computer is a client computer.
8. The computer system of claim 1, wherein said encrypted message is sent across a private, public or quasi-public communications network.
9. The computer system of claim 1, wherein said password code comprises a form sent to the recipient computer along with said encrypted message.
10. The computer system of claim 1, wherein said password code comprises additional code included as part of said decryption script.
11. The computer system of claim 1, wherein said electronic message is at least one of the group of an e-mail message, an html message, and an http page.
12. The computer system of claim 2, wherein said encryption script encrypts said reply using password encryption and wherein said password is unique to the recipient.
13. The computer system of claim 12, further comprising computer program code means configured to decrypt said reply using said unique password, thereby authenticating said reply as being from said recipient.
14. The computer system of claim 4, wherein said password is encrypted prior to transmission with said encrypted message.
15. A server system configured to send electronic account information to one or more customers, comprising: an electronic database including password information, wherein said password information comprises information known to or available to both the sender and the recipient of a message; a processor; and computer program code means executable on said processor, said computer program code means including computer program code logic configured to retrieve password information from said database and combine said retrieved password information to create an encryption password; computer program code logic configured to encrypt account information using said encryption password, thereby creating an encrypted electronic message; and computer program code logic configured to attach a decryption script to said encrypted electronic message and to send said encrypted electronic message and decryption script to the recipient; wherein said decryption script is configured to prompt the recipient for said password information, to combine said password information to create a decryption password, and to execute at a recipient computer to decrypt said encrypted message using said decryption password.
16. The system of claim 15, wherein said computer program code means further includes computer program code logic configured to include an encryption script with said message body, wherein said encryption script enables said recipient computer to encrypt a reply to said encrypted message.
17. The system of claim 16, wherein said computer program code means further includes computer program code logic configured to encrypt said encryption script prior to transmission with said encrypted message.
18. The system of claim 16, wherein said computer program code means further includes computer program code logic configured to provide an encryption password with said encryption script.
19. The system of claim 16, wherein a password used to encrypt a reply message is the same password used by the recipient computer to decrypt said encrypted message.
20. The system of claim 18, wherein said decryption script is JavaScript.
21. The system of claim 18, wherein said encrypted message is sent across a private, public or quasi-public communications network.
22. The system of claim 18, wherein said password code comprises a form sent to the recipient computer along with said encrypted message.
23. The system of claim 18, wherein said password code comprises additional code included as part of said decryption script.
24. The system of claim 18, wherein said electronic message comprises at least one of the group of an e-mail message, an html message, and an http page.
25. The system of claim 16, wherein said encryption script encrypts said reply using password encryption and wherein said password is unique to the recipient.
26. The system of claim 25, further comprising computer program code means configured to decrypt said reply using said unique password, thereby authenticating said reply as being from said recipient.
27. The system of claim 18, wherein said password is encrypted prior to transmission with said encrypted message.
28. A computer program product comprising a computer useable medium having computer program logic recorded thereon for enabling a processor in a computer system to provide communication of encrypted electronic messages, said computer program logic comprising: computer program code logic configured to retrieve password information from a database and to combine said retrieved password information to create an encryption password; computer program code logic configured to encrypt said electronic message using said encryption password; and computer program code logic configured to attach a decryption script to said encrypted electronic message and to send said encrypted electronic message and decryption script to the recipient; wherein said decryption script is configured to execute at a recipient computer to decrypt said encrypted message.
29. The computer program product of claim 28, wherein said electronic message comprises at least one of the group of an e-mail message, an html message, or an http page.
30. The computer program product of claim 29, wherein said computer program logic further comprises computer program code logic configured to attach password code to said encrypted electronic message to prompt the recipient for said password information and to combine said password information at the recipient computer to create a decryption password.
31. The computer program product of claim 29, wherein said password code comprises additional code included as part of said decryption script.
32. The computer program product of claim 29, wherein said computer program logic further includes computer program code logic configured to include an encryption script with said message body, wherein said encryption script enables the recipient computer to encrypt a reply to the encrypted message.
33. The computer program product of claim 32, wherein said computer program logic further includes computer program code logic configured to encrypt said encryption script prior to transmission with the encrypted message.
34. The computer program product of claim 32, wherein said computer program logic further includes computer program code logic configured to provide an encryption password with said encryption script.
35. The computer program product of claim 32, wherein a password used to encrypt a reply message is the same password used by the recipient computer to decrypt said encrypted message.
36. The computer program product of claim 30, wherein said password code comprises at least one of a form sent to the recipient computer along with said encrypted message and additional code included as part of said decryption script.
37. The computer program product of claim 28, wherein said decryption script is coded in the JavaScript language.
38. The computer program product of claim 34, wherein said encryption password is unique to a recipient, and wherein said computer program product further comprises means for authenticating a reply from a recipient based on said encryption password.
39. A method for communicating encrypted electronic messages, said method comprising: retrieving password information from a database and combining said retrieved password information to create an encryption password; encrypting said electronic message using said encryption password; and attaching a decryption script to said encrypted electronic message and sending said encrypted electronic message and decryption script to the recipient; wherein said decryption script is configured to execute at a recipient computer to decrypt said encrypted message.
40. The method of claim 39, wherein said electronic message comprises at least one of the group of an e-mail message, an html message, or an http page.
41. The method of claim 40, further comprising attaching password code to said encrypted electronic message to prompt the recipient for said password information and to combine said password information at the recipient computer to create a decryption password.
42. The method of claim 39, further comprising including an encryption script with said message body, wherein said encryption script enables the recipient computer to encrypt a reply to the encrypted message.
43. The method of claim 42, further comprising encrypting said encryption script prior to transmission with the encrypted message.
44. The method of claim 42, further comprising providing an encryption password with said encryption script.
45. The method of claim 42, wherein a password used to encrypt a reply message is the same password used by the recipient computer to decrypt said encrypted message.
46. The method of claim 41, wherein said password code comprises at least one of a form sent to the recipient computer along with said encrypted message and additional code included as part of said decryption script.
47. The method of claim 39, wherein said decryption script is JavaScript.
48. A system for communicating encrypted electronic messages, said system comprising: means for encrypting a body of said electronic message using a password created from password information in a database; and means for attaching a decryption script to said encrypted electronic message and sending said encrypted electronic message and decryption script to the recipient; wherein said decryption script is configured to execute at a recipient computer to decrypt said encrypted message.
49. The system of claim 48, further comprising: means for retrieving password information from a database and to combine said retrieved password information to create an encryption password; and means for encrypting said electronic message using said encryption password.
50. The system of claim 49, further comprising means for attaching password code to said encrypted electronic message to prompt the recipient for said password information and to combine said password information at the recipient computer to create a decryption password.
51. The system of claim 49, further comprising means for including an encryption script with said message body, wherein said encryption script enables the recipient computer to encrypt a reply to the encrypted message.
52. The system of claim 51, further comprising means for encrypting said encryption script prior to transmission with the encrypted message.
53. The system of claim 51, further comprising means for providing an encryption password with said encryption script.
54. The system of claim 51, wherein a password used to encrypt a reply message is the same password used by the recipient computer to decrypt said encrypted message.
55. The system of claim 50, wherein said password code comprises at least one of a form sent to the recipient computer along with said encrypted message and additional code included as part of said decryption script.
56. The system of claim 48, wherein said decryption script is JavaScript.
57. A system for authenticating a reply message from a recipient of an original message including computer program code means executable by a processor, said computer program code means comprising: computer program code logic configured to provide an encryption script and encryption password to said recipient with an electronic message, wherein said encryption password is unique to said recipient, and wherein said encryption script enables said recipient computer to encrypt a reply to said encrypted message using said encryption password; and computer program code logic configured to decrypt said reply using the same password provided to the recipient, thereby authenticating said reply as being from said recipient.
58. The system of claim 57, further comprising computer program code logic configured to encrypt said password prior to transmission with said message.
PCT/US2000/003834 1999-02-19 2000-02-14 Message encryption system and method WO2000049786A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU34913/00A AU3491300A (en) 1999-02-19 2000-02-14 Message encryption system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US25381499A 1999-02-19 1999-02-19
US09/253,814 1999-02-19

Publications (1)

Publication Number Publication Date
WO2000049786A1 true WO2000049786A1 (en) 2000-08-24

Family

ID=22961815

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/003834 WO2000049786A1 (en) 1999-02-19 2000-02-14 Message encryption system and method

Country Status (2)

Country Link
AU (1) AU3491300A (en)
WO (1) WO2000049786A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5737393A (en) * 1995-07-31 1998-04-07 Ast Research, Inc. Script-based interactive voice mail and voice response system
US5805702A (en) * 1995-09-29 1998-09-08 Dallas Semiconductor Corporation Method, apparatus, and system for transferring units of value

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002021462A3 (en) * 2000-09-06 2003-10-09 Giesecke & Devrient Gmbh Method for securing digital goods on sale thereof over a computer network
WO2002023785A2 (en) * 2000-09-15 2002-03-21 Innovation Venture Limited Secure messaging
WO2002023785A3 (en) * 2000-09-15 2002-08-01 Innovation Venture Ltd Secure messaging
US6728378B2 2000-10-13 2004-04-27 Eversystems Information Comércio Representação, Importação e Exportação Ltda. Secret key messaging
WO2002032044A3 (en) * 2000-10-13 2003-01-09 Eversystems Inc Secret key messaging
WO2002032044A2 (en) * 2000-10-13 2002-04-18 Eversystems Inc. Secret key messaging
WO2002093849A3 (en) * 2001-05-16 2003-01-23 Kasten Chase Applied Res Ltd System for secure electronic information transmission
WO2002093849A2 (en) * 2001-05-16 2002-11-21 Kasten Chase Applied Research Limited System for secure electronic information transmission
FR2832575A1 (en) * 2001-11-19 2003-05-23 Nupha Method for carrying out secure transactions over a network, especially using a mobile phone, whereby an audio, video or document file is encrypted with a purchase issued a corresponding encryption key
US8281409B2 (en) 2008-12-23 2012-10-02 Ubs Ag Systems and methods for securely providing email
EP2202941A1 (en) * 2008-12-23 2010-06-30 Ubs Ag Systems and methods for securely providing email
US20120254329A1 (en) * 2011-03-31 2012-10-04 Majeti Venkata C Selectable activation/deactivation of features of applications on end user communication devices
WO2012135248A1 (en) * 2011-03-31 2012-10-04 Loment, Inc. Ubiquitous user control for information communicated among end user communication devices
WO2012135355A1 (en) * 2011-03-31 2012-10-04 Loment, Inc. Selectable activation/deactivation of features of applications on end user communication devices
US10009305B2 (en) 2011-03-31 2018-06-26 Loment, Inc. Ubiquitous user control for information communicated among end user communication devices
GB2540138A (en) * 2015-07-02 2017-01-11 Ketheeswaran Gopalan Method of exchanging digital content
CN112632572A (en) * 2020-12-04 2021-04-09 中国农业银行股份有限公司深圳市分行 Method, device and storage medium for encrypting and decrypting commands in script

Also Published As

Publication number Publication date
AU3491300A (en) 2000-09-04

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase