The present invention relates generally to providing security for communications in networks such as the Internet, and more particularly to the secure communication of e-mail messages within such networks.
Virtually every user of electronic communications mediums has at some time or another paused to wonder about the security of messages within those systems. Various reasons exist for causing concern in this regard, probably ones far too numerous to cover here, but a few examples include having to depend on complex technologies, having to rely on unknown and possibly untrustworthy intermediaries, and the increasing anonymity in our electronic communications due to the distances which messages may travel and the masses of people which we may now reach.
Existing communications systems have had a long time to establish security mechanisms and to build up trust in them by their users. In the United States our conventional postal mail is a good example. We deposit our posted letters into a receptacle which is often very physically secure. Our letters are then picked up, sorted, transported, and ultimately delivered to a similar receptacle for retrieval by their recipients. Between the receptacles of a sender and a receiver the persons handling a letter are part of a single organization (at least intra-nationally) that is well known to us and considered to be highly trustworthy. Even on the rare occasions when the security of our postal system does fail, it has mechanisms to quickly detect and to correct this.
Unfortunately, most of us do not have anywhere near a similar degree of trust in the security of e-mail as it passes between senders and receivers in our modern electronic communications mediums. We generally trust only in our ability to maintain the security of our sending and receiving "receptacles" for e-mail messages, because they are personal computers (PCs), workstations, Internet appliances, etc. which are within our personal physical control. We also typically appreciate that we have much less control over what goes on in the electronic medium between such receptacles. Any number of miscreants may copy and receive an unsecured e-mail without its sender and receivers being any the wiser. Even worse, in many cases, an e-mail message can be maliciously altered in transit, fraudulently concocted entirely, or later simply repudiated.
The problem of e-mail security is a severe one and is already receiving considerable attention. Legal mechanisms have been, and are increasingly being, put into place to punish and to discourage security breaches, but the very beneficial ability of e-mail to travel so far and so swiftly also means that it may cross legal boundaries, potentially hampering such legal efforts and definitely creating a crisis in user confidence.
Old technologies have been revived and extended for use in the new electronic medium, often variations of ones long used in combination with conventional postal systems to obtain heightened security there. Thus we are seeing a resurgence of interest in and the use of cryptography.
Many of the existing systems for e-mail security are unwieldy, not well trusted, or both. The very electronic systems which have made e-mail possible and efficient have already made many conventional cryptographic systems obsolete, or at least highly suspect. Modern computer systems have the ability to perform staggering numbers of tedious operations in a massively parallel manner, and many strong cryptographic systems of the past have now been shown to be no longer reliable.
New systems have emerged, however. The last 25 years have seen the introduction, rapid development, and more recently the application in electronic communications of public-key and private-key based systems commonly termed a "public key infrastructure" (PKI). These are presently quite popular, but perhaps prematurely and unduly.
The foundation of the PKI system is generally attributed to work done by Ron Rivest, Adi Shamir, and Leonard Adleman at the Massachusetts Institute of Technology in the mid-1970s. The result of that work, commonly known as the RSA algorithm, is a cryptosystem wherein both a public and a private key are assigned to a principal. The public key is revealed to all, but the private key is kept secret. The keys used are both large prime numbers, often hundreds of digits long, and the inherent strength of the RSA algorithm lies in the difficulty in mathematically factoring large numbers.
To send a message securely the message is encrypted using the public key of its intended recipient (here the principal). The message can then only be decrypted and read by the recipient by using their private key. In this simple scenario anyone can send messages to the recipient which only the recipient can read.
A highly beneficial feature of the PKI approach is that a sender can also be a principal and can send a message which only they could have sent, i.e., a non-repudiable message. For this the sender encrypts a message (often only a part of what will be a larger message) using their private key. A recipient then knows that the purported or disputed sender is the true sender of the message, since only using that sender's public key will work to decrypt the message.
In practice, the sender and the receiver often are both principals in PKI systems. The sender encrypts a "signature" using their private key, then embeds this signature into their message, and then encrypts the result using the recipient's public key. The message then is secure to all but the recipient. Only the recipient can decrypt the message generally, using their private key, and once that is done the recipient may further use the sender's public key to specifically decrypt the signature. In this manner the receiver may rest assured that the sender is the true, non-repudiable, source of the signature (and implicitly the entire message; but this works more securely still if the signature uniquely includes something like a hash of the general message).
As the presence of the term "infrastructure" in PKI implies, however, this popular cryptographic system requires a considerable support system. An authority typically is needed to issue and particularly to certify the keys (usually both, as a matter of practicality), since PKI relies on public keys. The public keys must also be published, so that those wishing to send a message can determine keys for intended recipients. These tasks are usually handled by a "certification authority." Unfortunately, as the marketplace in our competitive society is now demonstrating, this can lead to a plurality of certification authorities all vying for acceptance and thoroughly confusing the potential users.
Of course public and private key systems are possible without the use of a certification authority, say, among small groups wishing to carry out secure communications among themselves and where repudiation is not a concern. But as the very negative reaction by government to initial publication of and about the RSA algorithm has aptly demonstrated, true, unbridled security can be perceived as a threat to government ability to protect society. While it is probably now too late for governments to fully suppress the use of ultra-strong cryptography, it also follows that governments will be more receptive to cryptosystems that can be opened when truly appropriate (often termed "key escrow" systems).
PKI also has some problems with regard to usability and efficiency. Since the keys are quite large, usually well beyond the capability of an average human to memorize, they are awkward to work with. Machine based storage and usage mechanisms usually must be resorted to just to handle the keys. This is a severe impediment to mobile use across multiple systems and to recovering after erasure from volatile memory, and it creates a whole host of additional problems related to protecting what effectively becomes a physical key needed to contain the private key. A receiver based key system, such as PKI, is also unwieldy in some situations. For example, if there are multiple intended recipients, a public key for each must be obtained and used to separately encrypt each message copy. This can encompass quite a severe computational burden as a list of intended e-mail recipients grows in number.
Accordingly, prior art cryptosystems and PKI systems provide many benefits, but even they are not perfect in all regards. It is increasingly becoming apparent that it is now desirable to improve on, augment, or even replace such systems.
Accordingly, it is an object of the present invention to provide a security protection scheme for e-mail messages as they are communicated on networks.
Another object of the invention is to provide a security protection scheme which minimally burdens its users.
And, another object of the invention is to provide a security protection scheme which flexibly may be embodied to operate with a wide range of e-mail applications, particularly including conventional, stand-alone type e-mail applications as well as newer web-based e-mail applications.
Briefly, one preferred embodiment of the present invention is a method for sending a secure e-mail. An e-mail message is composed by a sender, with the message including a body field and at least one receiver field containing receiver ids for intended receivers. A sender id, a sender password, and the receiver ids are provided to a security server, and a message key and a message id which is unique for the e-mail message are then received back from the security server. The body field of the e-mail message is encrypted based on the message key and the message id is enclosed to form the secure e-mail. The secure e-mail is then mailed in conventional manner to the receivers. And the message id, message key, and receiver ids are stored at the security server, to allow it to provide the message key to the receivers so that they may decrypt and read the secure e-mail.
Briefly, another preferred embodiment of the present invention is a method for receiving a secure e-mail. The secure e-mail is accepted by a receiver, wherein the secure e-mail includes a body field that is encrypted and a message id that uniquely identifies the secure e-mail. The message id as well as a receiver id and a receiver password for the receiver are provided to a security server, and a message key is received back from the security server. The secure e-mail is then decrypted based on the message key, to form an e-mail message which is readable by the receiver.
Briefly, still another preferred embodiment of the present invention is a system for communicating an e-mail message securely between a sender and a receiver. A sending unit is provided that composes the e-mail message for the sender, wherein the e-mail message includes a body field and a receiver field containing a receiver id representing the receiver. The sending unit includes a logic that provides a sender id, a sender password, and the receiver id to a security server. The security server includes a logic that replies to the sending unit with a message id, which is unique for the e-mail message, and a message key. The security server further includes a logic that stores the message id, message key, and receiver id. The sending unit further includes a logic that encrypts the e-mail message based on the message key and encloses the message id to form a secure e-mail. The sending unit yet further includes a logic that e-mails the secure e-mail in conventional manner to the receiver. A receiving unit is provided that accepts the secure e-mail. The receiving unit includes a logic that provides the message id, receiver id and a receiver password to the security server. The security server yet further includes a logic that replies to the receiving unit with the message key for the secure e-mail. And the security server still further includes a logic that decrypts the secure e-mail based on the message key into the e-mail message such that it is readable by the receiver.
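The send and receive methods summarized above, modeled end to end as an added example (this is not code from the patent). All names are hypothetical, and the PBKDF2 password storage, the HMAC-SHA256 keystream standing in for a real cipher, and the integrity tag are assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def prf(key, msg):  # HMAC-SHA256, used for subkeys, keystream and integrity tag
    return hmac.new(key, msg, hashlib.sha256).digest()

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecurityServer:
    """Hypothetical in-memory model of the security server; it never sees a body."""
    def __init__(self):
        self.users = {}     # user id -> (salt, password hash)
        self.messages = {}  # message id -> (message key, receiver ids)
    def register(self, user_id, password):
        salt = secrets.token_bytes(16)
        self.users[user_id] = (salt, pw_hash(password, salt))
    def _authenticate(self, user_id, password):
        salt, stored = self.users.get(user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            raise PermissionError("bad id or password")
    def new_message(self, sender_id, sender_pw, receiver_ids):
        self._authenticate(sender_id, sender_pw)
        msg_id, key = secrets.token_hex(16), secrets.token_bytes(32)
        self.messages[msg_id] = (key, set(receiver_ids))
        return msg_id, key
    def release_key(self, msg_id, receiver_id, receiver_pw):
        self._authenticate(receiver_id, receiver_pw)
        key, allowed = self.messages.get(msg_id, (None, set()))
        if receiver_id not in allowed:  # the server, not the ciphertext, enforces access
            raise PermissionError("not an intended receiver")
        return key

def xor_stream(key, nonce, data):  # stand-in cipher (assumption), not a vetted AEAD
    ks = b"".join(prf(key, nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(server, sender_id, sender_pw, receiver_ids, body):
    msg_id, key = server.new_message(sender_id, sender_pw, receiver_ids)
    nonce = secrets.token_bytes(16)
    ct = xor_stream(prf(key, b"enc"), nonce, body)       # body encrypted once for all receivers
    tag = prf(prf(key, b"mac"), msg_id.encode() + nonce + ct)
    return {"message_id": msg_id, "nonce": nonce, "body": ct, "tag": tag}

def open_mail(server, mail, receiver_id, receiver_pw):
    key = server.release_key(mail["message_id"], receiver_id, receiver_pw)
    data = mail["message_id"].encode() + mail["nonce"] + mail["body"]
    if not hmac.compare_digest(prf(prf(key, b"mac"), data), mail["tag"]):
        raise ValueError("secure e-mail was altered in transit")
    return xor_stream(prf(key, b"enc"), mail["nonce"], mail["body"])
```

In this model the body is encrypted a single time regardless of how many receivers are listed, and confidentiality rests entirely on the security server's password check and stored receiver list, which makes the server's key store and password handling the components to protect and monitor.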
An advantage of the present invention is that it provides for highly secure e-mail communications. The invention protects e-mail between senders and receivers by using a robust manner of encryption. It further permits a high degree of e-mail tampering detection, as well as non-repudiation by e-mail senders. The invention provides all of its function without ever needing to inspect the actual email message.
Another advantage of the invention is that it minimally burdens those using it. It does not require complicated installation and configuration by its users, being either pre-installed or rapidly user-installable with defaults provided for all configuration options. It employs a simple registration scheme which permits prompt use after registration and any installation are complete. Because of these and other features, the target recipients of secure e-mails created using the invention need not be pre-registered. A sender may create and send a secure e-mail, and the invention can detect which intended receivers are not registered. The invention can then advise those intended receivers, via conventional e-mail or other means, that they are about to receive a secure e-mail and how to prepare for such.
Another advantage of the invention is that its core functionality does not rely on public-private key encryption schemes, although such may be incorporated in some elements of the invention to make it convenient and also more secure in some ancillary respects.
And, another advantage of the invention is that, unlike a public/private key system, the key to the email message need not be encrypted once for every recipient. Thus, the number of encryptions performed is independent of the number of receivers.
These and other objects and advantages of the present invention will become clear to those skilled in the art in view of the description of the best presently known mode of carrying out the invention and the industrial applicability of the preferred embodiment as described herein and as illustrated in the several figures of the drawings.