1. Field of the Invention
The present invention relates to electronic message systems, and more specifically relates to an electronic message system and method allowing an intended recipient to determine whether or not to collect the full content of an electronic mail message from the source of the electronic message before it is delivered to the recipient's electronic mailbox, and managing public-secret key pairs of public key cryptography for implementing authentication, certification, and privacy of communication.
2. Definition
The foregoing and other objects of the present invention, the various features thereof, as well as the invention itself, may be more fully understood based on the following definition of terms:
TermDefinitionElectronicA message (may contain text, images, audio, voice,Messagevideo, or their combinations) processed on computersystems and delivered over communication networks.Electronic MailAn Electronic Message that is delivered and placed onMessagecomputer systems waiting for access.ElectronicAn Electronic Message that is transmitted forInteractiveinteractive communication.MessageHost ComputerA computer system comprising hardware and softwarethat its users access over communication networks.Local ComputerA computer system comprising hardware and softwarethat a user works on locally.CommunicationAn electronic apparatus capable of sending andApparatusreceiving Electronic Messages as a Local Computerbut with less computing power or storage capacity,preferably a mobile device that can be connected tocommunication networks.SenderA human user or a software agent that uses a LocalComputer or Communication Apparatus to send anoutgoing Electronic Mail Message or to initiate aninteractive communication over communicationnetworks.RecipientA human user or a software agent that uses a LocalComputer or Communication Apparatus to access anincoming Electronic Mail Message or to respond to aninteractive communication over communicationnetworks.Sending PartyA Sender, a Local Computer or CommunicationApparatus that a Sender uses, or a Host Computer thatadministrates the Sender's account.Receiving PartyA Recipient, a Local Computer or CommunicationApparatus that a Recipient uses, or a Host Computerthat administrates the Recipient's account.
3. Description of the Prior Art
Electronic Mail Systems are implemented for delivering Electronic Mail Messages as long as the Recipients' Electronic Mail Addresses are known. Any Sender can send any Electronic Mail Message, even if undesired, to any Recipient's Electronic Mailbox and consumes the Recipient's available resources.
Further more, in the prior art, the sending party only leaves some uncertified information about the sending party in the Electronic Mail Message. If the sending party forges information, the true source of the Electronic Mail Message may not be revealed. As a result, SPAM and Electronic Mail Messages carrying computer viruses or malicious programs can widely spread without an easy way to be tracked down. One of the key factors of the problems is due to the send-and-walk-away manner for delivering Electronic Mail Messages.
In the prior art, Public Key Cryptography may be utilized for the authentication and certification of communication. Typical steps involved in packing an encrypted Electronic Mail Message with an Electronic Signature by the Sender are as follows:                1. Compose an Electronic Mail Message.        2. Use a hash-function algorithm to generate a Message Digest of the composed Electronic Mail Message.        3. Use Public Key Cryptography to encrypt the Message Digest with the Sender's Secret Key as the Sender's Electronic Signature.        4. Attach the Sender's Electronic Signature to the composed Electronic Mail Message.        5. Generate a randomly chosen Session Key of Private Key Cryptography.        6. Use Private Key Cryptography to encrypt the composed Electronic Mail Message and the attached Sender's Electronic Signature with the chosen Session Key.        7. Use Public Key Cryptography to encrypt the Session Key with the Recipient's Public Key.        8. Send the encrypted Electronic Mail Message that includes the Sender's Electronic Signature and the encrypted Session Key to the Recipient.        
And typical steps involved in unpacking an encrypted Electronic Mail Message including a Sender's Electronic Signature and an encrypted Session Key by the Recipient are as follows:                1. Use Public Key Cryptography to decrypt the encrypted Session Key with the Recipient's Secret Key, obtain the Session Key.        2. Use Private Key Cryptography to decrypt the encrypted Electronic Mail Message including the Sender's Electronic Signature with the Session Key, obtain the Electronic Mail Message in an understandable format and the Sender's Electronic Signature.        3. Use Public Key Cryptography to decrypt the Sender's Electronic Signature with the Sender's Public Key, obtain the Message Digest created by the Sender.        4. Use the same hash-function algorithm to generate a new Message Digest of the received Electronic Mail Message.        5. Compare the new Message Digest to the received Message Digest to ensure that two Message Digests are identical.        
There are two fundamental constraints in the above steps—how to get a person's Public Key and how to certify its legitimacy. Some approaches have been proposed, such as exchanging Public Keys beforehand among people; using key rings to maintain many other people's Public Keys by each person; obtaining Public Keys from third-party servers maintaining people's Public Keys; obtaining digital certificates of Public Keys from a commercial certification authority by presenting people's driver licenses, original birth certificates, passports, or the like to prove people's identities; certifying Public Keys via trustworthy persons with the persons' Electronic Signatures on third-party persons' Public Keys; etc., all require cumbersome processes that users need to involve.
Because of the hassles of distributing and certifying Public Keys, it becomes impractical to regenerate Public-Secret Key Pairs for the security purpose as people have being doing for their account passwords of Electronic Message Systems.
Electronic Interactive Communication Systems such as Microsoft Instant Messenger or the like only allow people to communicate with each other via a common service provider. In order to communicate with someone, the initiator has to ensure that the respondent already registered with the identical service provider. People cannot communicate as freely as using Electronic Mail System between different service providers.
Many Electronic Message Systems choose user IDs and passwords for the authentication of financial services such as transferring funds. One of the major drawbacks of using user IDs and passwords is that all the information needed for the authorization of fund-transfer could be obtained from a single source—the service provider. User IDs and passwords of many accounts could be stolen either by computer hackers or unfaithful employees. Since it is more difficult to steal equivalent amount of information from individuals one-by-one than from a single source, it would be safer to utilize Public Key Cryptography for fund-transfer and let each account holder keep his or her own Secret Key privately. However, the prior art lacks an effective method of distributing, certifying, and maintaining Public Keys. Another drawback of using user IDs and passwords is the lack of certification of the content of Electronic Message such as amount of fund, payee of fund, etc.
Some Electronic Message Systems even do not have any capabilities of authentication. Using a credit card for paying for merchandise on the Internet is one example. There is no way for a merchant to know whether or not a buyer is really the credit account holder or just a person knowing someone else's credit card number.
Many Electronic Message Systems provide license agreements of services or software and request the licensees to click an “Accept” button on the screen display of the licensees' Local Computers denoting the acceptance of the license agreements. This approach does not provide authentication of the licensees' identities or certification of the contents of license agreements.
After downloading or receiving computer software from a developer's or distributor's Electronic Message System, the user cannot ensure if the computer software has been tampered with embedded programs by hackers.
In the prior art, although many methods are used by computer software vendors to implement copyright protection for their products, the general approach is for the vendors to create and provide security keys to the licensees. In the event that any convict infringes copyright to redistribute the computer software with a valid security key obtained from the vendor, it is questionable who actually reveals the security key.