Many email users recognize the importance of security in their communications and most want solutions to secure their email communications. A conventional solution for solving the email security problem includes a system using public and private key pairs for both the sender and the recipient. However, while conventional solutions address the pure communication security issues, other problems have arisen, mostly due to use of the commonly available public network, the Internet. Problem areas include unwanted, unauthorized, or inappropriate communications.
Since most emails traverse the Internet and virtually all email addresses can eventually become known, conventional email communication systems have problems with spam/junk mail or embedded viruses. Additionally, conventional email communication systems do not provide controls against the unauthorized use of email communications for the transfer of protected intellectual property, such as copyrighted music files, corporate secrets, or sensitive information (e.g., social security numbers, credit card numbers, passwords, etc.). Also, conventional email communication systems do not filter email communications for inappropriate content, such as, in a corporate setting, communications that include offensive language, suggestive pictures, threats, and other blatant or illegal content.
In addition to these problem areas, it may be important for a sender to have confirmation that an email message has been received by the intended recipient and at what time the message was opened. Many conventional email systems do not provide such services.
Clearly, not everyone wants or needs the same solution. For example, an individual sending a simple note to a friend at a corporate email address may not see a need for any sort of security, virus scanning or content filtering, whereas the corporation that will be receiving the email message may see a significant need to address these issues. Some email users are willing and competent to install a secure email client on their desktop computers and generate a pair of public and private keys in order to send and receive encrypted communications at the desktop. However, many of their potential email correspondents may be unwilling, not allowed, or not competent to install and operate that type of email encryption system. Some organizations do not want users to install a desktop secure email client. In fact, some organizations do not want encrypted communications to reach the desktop computers at all. These organizations would prefer encrypted communications to be decrypted at a gateway, so that the content of the communications can be easily scanned, filtered and/or monitored. Still others do not want to install either a secure desktop client or a gateway solution, but are willing to send and/or receive secure emails through a third party hosted message center using a secure communication link, such as SSL.
It is important to note that secure email communications require the sender and the recipient to use the same acceptable level of security. Security that is acceptable to the recipient may not be acceptable to the sender, or vice-versa. Different delivery methods are associated with different security levels. For example, encrypting a message using the public key of the recipient and sending the encrypted message directly to the recipient's desktop is perhaps the most secure solution, because no one else, including network administrators, can read the encrypted message. An alternative method includes encryption/decryption at a gateway of an organization's network where certain scanning or filtering functions can be performed. In this scenario, the encrypted message cannot be read by anyone outside of the organization. However, once the message is decrypted at the gateway, it becomes accessible to people who have access to the email server or internal network traffic (e.g., network administrators). Details of the use of the recipient's private key or a corporation master private key will be obvious to the skilled reader. Another secure method is to use a third party hosted message center to receive a message (securely or not), and then allow the recipient to access the message by use of a password through a secure communications link such as SSL. This method has the benefit that no public/private key pairs are needed and no special software needs to be installed by the recipient, either on the desktop or at the gateway. A further benefit of the third party hosting method is the ability to provide affirmation of receipt of a message by the intended recipient, including the date and time, to the original sender. 
However, one downside of third party hosted systems is that the third party itself may have access to the messages stored on its message center systems and could be forced, under certain conditions, to provide certain information under an authorized court order regarding a particular message, even if the message content has been destroyed or is stored in an encrypted manner.