1. Field of the Invention
This invention relates to a system and method for permitting the originator of a message sent by electronic mail or an analogous system, including messages sent over an open network, to cause the message and all incarnations of the message (or at least incarnations of the message selected by the originator) to self-destruct at a desired date and/or time, or upon the occurrence of a predetermined event, regardless of the number and types of computers or software systems that may have interacted with the message.
In order to enable all or selected incarnations of the message to self-destruct, the preferred embodiments of the invention provide a level of control over electronic mail that also enables the originator to limit an electronic mail recipient's processing and handling rights. Although limitation of processing and handling rights is not essential to the general concept of causing all or selected incarnations of a message to self-destruct, i.e., to the concept of predetermining when an electronic mail message will expire, and although limitation of certain processing and handling rights apart from the concept of electronic mail message expiration is known, the invention also relates to the manner in which limitation in the processing and handling rights is achieved, which is a by-product of the level of control necessary to achieve expiration of the message and all its incarnations.
Finally, the invention also relates to electronic mail origination and viewer software that implements the electronic mail self-destruct system and method of the invention, and to a method for distributing electronic mail origination and viewer software in order to establish a controlled access electronic mail system.
2. Description of Related Art
The following description of “related art” begins with a general description of the properties of electronic mail that serve to define the context of the invention, followed by a discussion of a prior art system that purports to provide a framework for controlling distribution of electronic documents in general, known as the “virtual distribution environment” (VDE) and disclosed in U.S. Pat. Nos. 5,892,900, 5,910,987, 5,915,019, and 5,917,912. The third section of this description of related art describes systems specific to electronic mail and that provide controls of such processing or handling functions as forwarding and reply, while the fourth section describes a system, disclosed in U.S. Pat. No. 5,870,548, that provides for cancellation of electronic mail messages after sending. The fifth section of the description discusses a patent related to delivery of an interactive television program in relation to the feature of the invention involving distribution of the viewer applet that enables control of expiration date and processing functions, and the last section summarizes the differences between the present invention and the prior art.
(i) Definition of “Electronic Mail”
Electronic mail can be defined as a system or method for transmitting electronic data or text files from one computer to another based solely on a destination address without reference to the content of the files or, in general, to the route taken to reach the destination address, and in a form that permits the files to be accessed and manipulated at the destination address at the convenience of the recipient.
Electronic mail defined in this manner can be compared to postal mail, in which letters are routed solely to their destination based on addresses written on envelopes, the content of the messages being hidden in the envelopes, and the envelopes being placed in a mailbox for later retrieval at the convenience of the addressee.
Those skilled in the art will appreciate that the above definition is not the only possible definition of electronic mail, and that the invention is therefore not necessarily to be limited by this definition. Instead, the definition is intended as an aid to understanding the manner in which the invention differs from other types of systems and methods which might, like the present invention, provide for sender controls and a limited lifespan for the transferred files, but do not have the above characteristics of electronic mail. Examples of conventional file or data transfer systems that do not fall within the definition of electronic mail, but in which control of information is retained by the originator or sender, include video pay-per-view systems that rely on signal scrambling and the use of converter “boxes” to unscramble the signal and permit viewing of a video when payment has been received, and shareware or demonstration software downloads that self-destruct after a trial period if the shareware is not registered.
The “convenience of the recipient” aspect of the definition is important because it distinguishes electronic mail from real time electronic data transfers such as the file transfer protocol (FTP), and implies that electronic mail files must be stored somewhere and directly accessible at least once by the recipient at some time following receipt. It is this storage that gives rise to the problem addressed by the present invention, namely the extended life of an electronic mail message. While storage is an essential aspect of electronic mail, however, it will be appreciated that the files do not need to be stored in plain text form, and that the local storage need not be on the recipient's computer or even on a network server such as an IMAP server.
Another important aspect of the definition of electronic mail is that the files transferred are data or text files that contain information, rather than executable programs. It is a trivial matter to program self-destruction into an executable program, but a data or text file cannot be deleted without the aid of an external program, which in conventional electronic mail systems is entirely under the control of the recipient.
A third important aspect of the definition of electronic mail is that the electronic mail messages are relayed through a network of intermediate hubs based solely on the destination address, much as envelopes are handled by a conventional postal mail delivery system. The contents of an electronic mail object do not affect its ability to be delivered any more than does the content of an envelope, and thus the data fields or contents of an electronic mail object can be formatted in any desired manner (with the exception of certain fields reserved for the writing of routing or tracking information that can be used for debugging). In particular, it is possible to insert flags that cause actions to be performed at the receiving end of the transmission, and that are unique to the sending and receiving software, without requiring new data structures or substantive revision of the conventional electronic mail protocols, and without affecting the transmission. In the case of Simple Mail Transfer Protocol (SMTP) transmission, these flags can be included as extensions of the destination address permitted by SMTP, or as an internal message header that is treated by SMTP as text or data and that is recognized only by the receiving software.
The broad definition of electronic mail given above can be implemented in numerous ways, and the present invention is intended to apply to all such implementations. The most common implementation is currently SMTP, which determines how electronic mail objects are routed to a destination address, and its related protocols, the Post Office Protocol (POP) or Internet Mail Access Protocol (IMAP), which set up “mailboxes” at the destination address, either locally or on a mail server, following transmission by SMTP. The invention is of course explicitly applicable to electronic mail sent via SMTP. In addition, messaging systems such as Lotus Notes™ may be considered to be within the definition of electronic mail for purposes of the invention.
(ii) “Virtual Distribution Environments” and the Concept of Control
In order to limit the lifespan of a message, it is necessary to exercise some control over the message. The present invention provides such control and, as a result, also offers the possibility of enabling the sender to limit not only the lifespan of the message, but also handling of the message, including forwarding, copying, printing, and so forth.
While providing such control is an important feature of the invention, however, it is not a unique feature. In fact, a system currently exists, at least in the form of a patent specification, which in theory provides all of the control necessary to achieve virtually any desired handling or lifespan limitations on any type of transferred file. The system is known as the Virtual Distribution Environment (VDE) and is disclosed in U.S. Pat. Nos. 5,892,900, 5,910,987, 5,915,019, and 5,917,912, all entitled “System and Methods For Secure Transaction Management and Electronic Rights Protection” (the VDE patents). The problem with VDE as a solution to the problem of message lifespan is that, in addition to not suggesting the concept of enabling the originator of an electronic mail file to control its lifespan, the controls implemented by VDE are too complex to be implementable through conventional mail protocols such as SMTP.
In general, there are three ways that control of a transferred file might be retained by the originator. The first, used for pay-per-view systems, is to prevent any copying or recording of the files, so that the files can only be viewed as they are being broadcast or downloaded. The second, used in the case of executable software downloads, is to include self-destruct instructions in the program instruction set. In the case of non-streaming, non-executable files, however, a third method is required. This is the method used by the present invention, and is also the method implemented by VDE. In its most general form, this third method of transferred file control involves encryption of the files so that they can only be processed by software designed to implement the desired controls. The software that decrypts the files can be programmed to destroy the files at a desired date or upon the occurrence of a particular event, no matter how often the files have been copied or re-transmitted.
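As an added illustration (not code from the patent or from any product it describes), the following Python example combines the internal header flag described in section (i) with the encrypt-and-enforce method described above: the body travels as ordinary message text, and the viewing software checks an expiry header that is cryptographically bound to the ciphertext before it will decrypt. The header name `X-Expires-At`, the pre-shared key, and the SHAKE-256 keystream (a standard-library stand-in for a real authenticated cipher such as AES-GCM) are assumptions; the viewer here refuses to decrypt after expiry rather than deleting stored copies.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timezone
from email import message_from_bytes, policy
from email.message import EmailMessage

EXPIRY_HEADER = "X-Expires-At"  # hypothetical header name, not from the patent


class Expired(Exception):
    """The originator-selected lifetime has ended."""


class Tampered(Exception):
    """The expiry header or the sealed body does not match the MAC."""


def _keys(key):
    # Derive separate encryption and MAC keys from one shared secret.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_stream(enc_key, nonce, data):
    # Assumption: SHAKE-256 keystream standing in for a real cipher.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, sender, rcpt, text, expires_at):
    """Originator side: encrypt the body and bind the expiry flag to it."""
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(16)
    expiry = expires_at.astimezone(timezone.utc).isoformat()
    ct = _xor_stream(enc_key, nonce, text.encode())
    tag = hmac.new(mac_key, expiry.encode() + nonce + ct, hashlib.sha256).digest()
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg[EXPIRY_HEADER] = expiry          # relayed by SMTP as ordinary text
    msg.set_content(base64.encodebytes(nonce + tag + ct).decode())
    return msg.as_bytes()


def view(key, raw, now):
    """Viewer side: verify the binding, enforce expiry, then decrypt."""
    msg = message_from_bytes(raw, policy=policy.default)
    expiry = str(msg[EXPIRY_HEADER])
    blob = base64.b64decode(msg.get_content())
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(key)
    want = hmac.new(mac_key, expiry.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise Tampered("expiry header or body was modified")
    if now >= datetime.fromisoformat(expiry):
        raise Expired("message lifetime has ended")
    return _xor_stream(enc_key, nonce, ct).decode()
```

Because the expiry value is covered by the MAC, a forwarded or copied message carries the same limit, and editing the header to extend it is detected; the control holds only for as long as the key stays inside the viewing software.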
While the system and method described in the VDE patents thus utilizes the same general principle as the present invention, namely retaining control of files distributed over an open network by encrypting the files and utilizing software at the receiving end to exercise control over the files, including destruction of files (mentioned, for example, in col. 169, lines 61 et seq. of U.S. Pat. No. 5,917,912), and even protection of electronic mail (col. 278, lines 58 et seq. of U.S. Pat. No. 5,917,912), the details of the system and methods described in the VDE patents are substantially different than those of the present invention. Instead of utilizing existing communications protocols, VDE requires revision not only of the file origination, transmission, and receiving programs, but also “component, distributed, and event driven operating system technology, and related communications, object container, database, smart agent, smart card, and semiconductor design technologies” (Col. 8, lines 1–7 of U.S. Pat. No. 5,917,912). As a result, even though the VDE can be made to perform virtually any desired control function it is simply not practical in the context of electronic mail.
The impracticality of the systems disclosed in the VDE patents is explained at length in a later patent by the same assignee, U.S. Pat. No. 5,920,861, which compares VDE to a “blank canvas” on which the “master painter” can create his or her masterwork (col. 3, lines 1–12 of U.S. Pat. No. 5,920,861), but which is not suitable for use by the average end user. To solve the ease-of-use and interoperability problems, the later patent proposes to implement the generic template structure of the “virtual distribution environment” by creating a specific machine readable data structure. This solution to the problem is exactly opposite the solution provided by the present invention, which is to provide an applications level program that is completely compatible with existing protocols. This is possible because the present invention, unlike the VDE system, seeks to provide a specific control function, namely the specification of an expiration date for a message, in a specific context, namely electronic mail. It is designed to work within existing communications structures, and in particular within existing SMTP, POP, and IMAP formats, while providing a simple user interface that will be as familiar to the average electronic mail user, and as easy to use, as existing electronic mail programs.
(iii) Control in the Specific Context of Electronic Mail
While the VDE concept provides a framework by which sufficient control of electronic mail could be achieved so as to enable a sender to limit the lifespan of the electronic mail, the VDE system essentially amounts to overkill, and therefore has no practical application to electronic mail as defined above.
On the other hand, those systems described in prior patents that are specifically directed to the concept of enabling originator control of electronic mail messages, for the most part in the context of ensuring that a message will be read or forwarded rather than to limit the lifespan, do not provide for a sufficient level of control, at least of messages sent over an open network, to ensure that all incarnations of a message will in fact be expunged. While it might seem that the advantages of providing sufficient control of electronic mail to ensure that messages can be made to expire at a time, date, or upon the occurrence of an event selected by the originator might have been grasped by designers of the prior systems, there are reasons why the advantages were in fact not apparent to such designers.
First, since electronic mail has been designed to be analogous to postal mail and postal mail has no function analogous to message expiration, except for the use of disappearing ink, it is likely that the concept of enabling the originator of a message to control the expiration and limit use of the message was simply not considered. The expiration of messages has previously been the province solely of fiction, exemplified by the self-destructing tape recorder in the opening scene of the television show Mission Impossible, and not as a way to give any sender of a message control of the lifespan of the message.
Second, the systems and methods disclosed in the prior patents are for the most part intended solely to force a response from the recipient, or facilitate distribution and forwarding of a mass mailing, with no consideration of what happens to the message after the response is made or the message is forwarded, and no provision for limiting either the lifespan or the use of a message once an appropriate response has been made.
For example, U.S. Pat. No. 5,325,310 discloses a system which prevents deletion of an electronic mail message until it has been viewed and/or forwarded, while U.S. Pat. No. 5,878,230 discloses a system designed to force a reply or forwarding, and U.S. Pat. No. 5,125,075 is one of several patents that disclose systems for controlling routing and access to electronic mail “circulars.” It is not surprising that systems designed to ensure that an electronic mail message is read and disseminated in a desired manner have not provided for expiration of the messages being disseminated.
The only systems that actually provide for a limited message lifespan are those that automatically delete files after a predetermined period of time in order to clear space on a disk drive. These systems do not provide for originator control of the lifespan of the message, and in particular one that is to be sent over an open network rather than being retained on a local area network server. An example of this type of system is disclosed in U.S. Pat. No. 5,598,279, which describes a local area network server that provides for timed destruction of electronic mail and other files to save space on the server, but without the inclusion of an end-user interface that permits the originator of the electronic mail to select an expiration date, or any controls that would make such an interface possible.
(iv) Cancellation of an Electronic Mail Message—U.S. Pat. No. 5,870,548
The one patent that in a sense involves originator control of the lifespan or expiration of electronic mail messages is U.S. Pat. No. 5,870,548. However, the lifespan control provided by the system disclosed in this patent is in the form of the ability to cancel messages, rather than to select a lifespan prior to sending the message. As with the forwarding or response requiring systems, implementation of the cancellation message is left to the recipient, and no provision is made for dealing with copies of the original message that have already been forwarded.
U.S. Pat. No. 5,870,548 can be fairly said to represent the current wisdom in the art of electronic mail handling. Basically, the view has generally been that “once the message is submitted to the Internet, it cannot be directly altered, canceled, or retracted by the originating program” (U.S. Pat. No. 5,870,548, col. 1, lines 37–39). The solution proposed in U.S. Pat. No. 5,870,548 is simply to send a follow-up “action message” to the recipient, asking for cancellation. The problem is that by the time the action message has been sent, the original message might have been copied or forwarded and therefore be out of control of the original recipient, even if the recipient were to cooperate and cancel the message.
Even if cancellation of a message sent by the system of U.S. Pat. No. 5,870,548 could be assured, the system described therein does not take into account the possibility that the message might already have been forwarded. Furthermore, while it might be possible to prevent forwarding, and thereby help ensure cancellation, there are numerous reasons why a sender might wish to permit forwarding of a message and yet have all incarnations of the electronic mail message, rather than just the original incarnation, expire at a particular date or time. The message could contain proprietary data for use by vendors, preliminary test results or draft research papers, confidential work product to be shown to groups of clients, or personal medical data that might be forwarded to different specialists, as necessary. The ability to send requests for cancellation of the message after the message has been sent and processed without any restriction is clearly not an adequate response to such conditions.
(iv) Distribution of Viewer Applets
An important feature of the present invention concerns distribution of the viewer applet that enables or implements destruction of an e-mail message at a predetermined date, time, or event. The system and method of the invention permits the originator to address the message to any desired recipient equipped to receive electronic mail, whether or not the recipient is in possession of the viewer applet that enables the recipient to read the message. This is accomplished either by first notifying the recipient that an encrypted message has been received and then sending the viewer applet to the recipient upon request, by attaching the viewer applet to the message and notifying the recipient so that the message can be immediately installed by the user, or even by causing the viewer applet to be installed automatically upon opening of the electronic mail in a manner analogous to an electronic mail virus.
U.S. Pat. No. 5,877,755 discloses a somewhat similar arrangement in the context of an interactive broadband multimedia system. In its broadest form, the system of U.S. Pat. No. 5,877,755 provides for transmission to a customer of the executable program file that permits use of the interactive system to the customer, and then having the executable program file request downloading of the multimedia data file.
The present invention extends the concept of supplying executable program files that request data or files (which is also the concept behind “push” applets that plug into a web browser) to electronic mail with dramatic results. Whereas in all prior commercial software distribution systems including the system of U.S. Pat. No. 5,877,755, potential users must be identified and persuaded to initiate contact in order to obtain the executable program files, and so forth, the system and method of the present invention can be propagated primarily by the users themselves without the need for advertisements, central mailing lists, and so forth. Each time a user of the system sends an electronic mail message to a non-user and the non-user chooses to read the message, the non-user becomes a participant in the system. From a marketing and distribution standpoint, the present invention represents an entirely new paradigm.
(v) Summary of Difference Between Invention and Prior Art
In summary, while the advantages of control of the lifespan of electronic mail messages are immediately apparent, none of the prior systems discussed above is intended to provide such control, nor are they suitable for use in providing such control. The system described in the VDE patents, i.e., U.S. Pat. Nos. 5,892,900, 5,910,987, 5,915,019, and 5,917,912, provides a potential general framework by which electronic mail messages could be limited, but the requirement for new data structures, hardware, and programming paradigms makes it unsuitable for practical application to an electronic mail system. In contrast, the electronic mail system and method of the present invention is designed to work within the existing electronic mail protocols (although it is not limited thereto), at the applications level, without requiring new data structures, hardware, or other security features. Furthermore, while the remaining patents discussed above generally provide for sender control in the specific context of electronic mail processing or handling, they do not offer (and do not need to offer) a level of control sufficient to ensure that the electronic mail message will in fact be expunged at a desired date or time, or upon the occurrence of a preselected event, and thus are also unsuitable for implementing the invention. Finally, unlike centralized digital file distribution systems such as the one disclosed in U.S. Pat. No. 5,877,755, the pre-distribution or simultaneous distribution of the viewer applet with the electronic mail message so that the message can be read by any electronic mail user, the electronic transmission of the applet operating as a key to playing or further distributing the digital content, permits the “infrastructure” necessary to implement the system to be self-propagating and thereby create what is effectively not only a “virtual distribution environment,” but a revolution in distribution and marketing that has the potential to do for software, or at least electronic mail software, what Henry Ford did for automobiles or Ray Kroc for hamburgers.