The technology of transforming a received e-mail message to a different format, i.e., e-mail-to-voice or e-mail-to-facsimile data, etc., is well known in the art. One advantage gained by employing these techniques is that format transformation of the e-mail message oftentimes permits the intended recipient of the message to receive the message more quickly than if such transformations were unavailable. For example, an e-mail user may physically be at a location which is inconvenient for receiving e-mail messages, such as in his or her car or in a meeting. In order to guarantee immediate receipt of e-mail messages, the user may have his e-mail messages forwarded from his computer, which is physically connected to the e-mail network, to his cellular phone, pager, PDA, fax machine or any other device that will make retrieval of the e-mail message more convenient.
Accordingly, when an e-mail message is received by the recipient's computer, the message is converted into an appropriate format and transferred to the recipient's cellular phone, etc. Upon receipt of the message, the phone then indicates receipt of the message, i.e., by activating an audible and/or visual alarm recognized by the recipient. The recipient can then identify the respective sender of the message and/or subject and determine whether or not to retrieve the message immediately, defer receipt until a later time, or delete the message without opening it.
One issue that concerns virtually all e-mail users is the security of the content of the messages. Because e-mail messages are typically sent over the Internet, from one network to another, they are subject to being passed through various devices between the time the message leaves the sender's machine and the time the message reaches the recipient's machine. Each one of the various devices the e-mail message, and any corresponding attachments, passes through along its journey is capable of copying and/or altering the message content, thus, exposing the message content to malicious interceptions. Also, in some countries, government agencies routinely monitor e-mail message content. Accordingly, it has become a favorable practice among e-mail users to encrypt private or otherwise sensitive material that either party, sender or recipient, desires to remain confidential.
Encryption, or cryptography, is the technique of converting plain information into unintelligible information and re-converting the unintelligible information back into an intelligible, preferably the original, form. Cryptography has existed for centuries but it has recently been given significantly more attention as a result of the advent of e-commerce, privacy concerns and the Internet. Fast, cheap, high-powered computers and communications systems are enabling the development of new cryptographic systems and methodologies and, along with them, the ability to crack/decipher the codes.
One conventional encryption technique is referred to as the “shared secret” technique. The shared secret technique consists of a single mathematical “key” used for both encryption and decryption of data. This type of cryptographic system is sometimes also referred to as “symmetric” cryptography because the same “key” both encrypts and decrypts the message. Both the sender and the recipient of a message, such as an e-mail message, must possess the same mathematical key and the parties are responsible for physically maintaining the secrecy and security of the key to ensure the privacy and security of their communication.
In shared secret, or symmetrical, encryption, the sender of a message encrypts the message using any of a virtually limitless number of encryption keys. Encryption keys are often in the form of a mathematical algorithm. Upon receipt of the message on the recipient's computer, after being passed through various intermediary machines as an encrypted message, the recipient decrypts the message by using the same key, in reverse, as the sender used to encrypt the message. Obviously, in order for this system to work, the sender and the recipient must each know which key was used to send the message. Accordingly, the parties typically agree on an algorithm through various “offline” means, such as a private telephone conversation, a separate e-mail message, etc.
Another encryption technique, one that improves upon the “shared secret” method, is known as “Public Key” cryptography. Public Key cryptography employs a two-key system wherein the two keys are asymmetric, or completely different. However, even though the two keys are different, they comprise a set and work together to encode and decode information. One key is kept private, or secret, by one of the parties and the other key is made readily available to the public. However, the second key is typically retained in a trustworthy repository. When a public key is used to encrypt a message, only the private key from the pair is capable of decrypting the message. Thus, in public key cryptography, anyone can send secret messages to the holder of a private key because the matching public key is readily available, yet no one other than the intended recipient, who possesses the matching private key, can decrypt the message. Therefore, regardless of the number of people that come into possession of the message, the integrity of the message content is maintained.
Public Key cryptography has led to several other useful innovations, such as the digital signature. A digital signature is much like a hand-written signature in that it provides proof that the originator of the message is actually who the person claims to be (a process known as “Authentication”). A sender “signs” messages by passing them through a mathematical algorithm, known as a “hash” function, and produces a summary, or “hash”, of the subject message. Mathematically, this summary, or hash, is unique for every message, similar to the way a fingerprint is unique for every person. The sender then encrypts the hash with his private key and attaches the code to the end of the message. This attached code is the digital signature. The intended recipient, upon receipt of the encrypted message and sender signature, verifies the authenticity of the message and proves that it has not been altered in transit by decrypting the digital signature with the sender's public key and passing the message through the same hash function, in reverse. If the two hash codes are the same, it can be confirmed that the message was indeed sent from the holder of the matching private key (Non-repudiation) and that it was not altered (Integrity).
A Public Key Infrastructure (PKI) refers to the entire Public Key system. A PKI comprises the keys as well as one or more trusted systems known as Certification Authorities (CA). These CAs are organized in a tree-like hierarchical structure. Each user's Public Key and identification are placed in a digital certificate. The CA digitally signs each certificate and makes the certificates freely available by publishing them in publicly accessible directories. Any client, or user, of the PKI may access any other user's Public Key and verify the authenticity by using the CA's Public Key to verify the CA's signature on the certificate. The CA at the top of the hierarchy signs certificates of subordinate CAs and these CAs in turn sign certificates of CAs below themselves and so forth. This system establishes a chain of trust in a distributed CA system, including cryptographic keys and a certificate management system. The PKI enables secure transactions and private exchange of information between parties who may either be well known to each other or complete strangers. PKI provides privacy, integrity, authentication, and non-repudiation for applications and electronic commerce transactions.
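The signing steps and the CA hierarchy described in the two paragraphs above, as an added example that is not part of the original text: textbook RSA over fixed Mersenne primes with SHA-256 and no padding, a teaching toy rather than a usable scheme. The function names, the certificate layout and the sample identities are assumptions made for illustration; the verifier recomputes the hash over the received data and compares it with the value recovered from the signature.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def digest(data, n):
    # The "hash" of the message, reduced so it fits under the modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    # Signature = hash transformed with the signer's private key.
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    # Recover the signer's hash with the public key, recompute the hash
    # over the received data, and compare the two.
    return pow(sig, E, n) == digest(data, n)

def cert_body(cert):
    # The fields the issuing CA signs (hypothetical layout).
    return f"{cert['subject']}|{cert['n']}|{cert['issuer']}".encode()

def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    # A certificate binds an identity to a public key under the CA's signature.
    cert = {"subject": subject, "n": subject_n, "issuer": issuer}
    cert["sig"] = sign(cert_body(cert), issuer_n, issuer_d)
    return cert

def verify_chain(chain, root_name, root_n):
    """chain is leaf-first; returns the leaf's public modulus, or None if any link fails."""
    name, n = root_name, root_n
    for cert in reversed(chain):
        if cert["issuer"] != name or not verify(cert_body(cert), cert["sig"], n):
            return None
        name, n = cert["subject"], cert["n"]
    return n

# Constructed sample hierarchy: root CA -> subordinate CA -> end user.
ROOT, SUB, ALICE = keypair(521, 607), keypair(107, 127), keypair(61, 89)
SUB_CERT = issue("Sub CA", SUB[0], "Root CA", *ROOT)
ALICE_CERT = issue("alice@example.com", ALICE[0], "Sub CA", *SUB)

if __name__ == "__main__":
    alice_n = verify_chain([ALICE_CERT, SUB_CERT], "Root CA", ROOT[0])
    msg = b"meet at noon"
    sig = sign(msg, *ALICE)
    print(verify(msg, sig, alice_n), verify(b"meet at nine", sig, alice_n))
```

Only the root CA's public key has to be trusted in advance; every other key is accepted because a verified certificate vouches for it.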
There are a variety of free and commercial packages available for performing either type of encryption, i.e., symmetrical and/or asymmetrical. There are also companies that offer software packages for encryption. Network Associates, Inc., for example, offers a freeware and a commercial package that allow an e-mail message attachment to be encrypted as a self decrypting archive (SDA). It is assumed that there are other similar packages available and that it is possible for a skilled artisan to replicate or enhance these offerings.
However, most current handsets, e.g., wireless phones, pagers, PDAs, etc., do not have the computational power to decrypt e-mail messages that are coded using these methods. A key can be considered secure if it cannot be cracked in a reasonable amount of time by brute force (i.e., trying all combinations sequentially), even if cracking the key requires using many computers. The security of a key, i.e., its ability to withstand attempts to decipher it, is in relation to its length. In other words, the longer the actual mathematical code used to create the key, the more difficult it is to decode/decipher the key and, thus, the more secure the key is. However, decoding long keys makes the job of the handset more difficult. In the handset, low available computational power makes it impractical to decrypt anything but short, simple and, therefore, insecure codes.
Currently, when an encrypted e-mail message is received by a user, there is no reasonable method, due to the limitations explained above, by which the recipient can decrypt the e-mail message using only the mobile handset. The e-mail message could be decrypted by the e-mail server, but it is accepted in the industry that a reasonable person receiving an encrypted e-mail message would not leave the decryption password stored on an operator's server where it could be legally, or illegally, intercepted. It is also reasonable to assume that the sender would prefer that confidentiality not be compromised in this way.
Accordingly, in accordance with conventional methods, a recipient of an encrypted e-mail message, in order to maintain the integrity of the message content, is required to download the message and decrypt it locally on his own computer, which is a secure machine where, typically, the keys are stored. The recipient, even if notified of the receipt of an e-mail message on his phone, PDA, pager, etc., will not be able to view the message, or listen to it, immediately without compromising the integrity of the message, i.e., without providing the decryption “key” on the open, unsecure system/server as explained above. In most cases, providing the key on an open system in this manner also compromises future messages, since those future messages typically utilize the same password. This becomes, at a minimum, an inconvenience to the recipient, and possibly to the sender, when the recipient is mobile and not physically located where secure message retrieval is possible.