At present there are approximately 4 billion electronic mail (email) accounts in use globally rising to approximately 5 billion in 2017, of which about 25% are corporate email accounts. Business email accounts expected to generate over 130 billion emails in 2017. In addition to their email accounts users today commonly exploit instant messaging (IM) and simple message service (SMS) services as well as exploiting social networking, social media, blogs, and other electronic messaging systems.
Over this same period of time since the early 1980s that electronic messaging has grown then so have the approaches for third parties to gain access to these communications, to the computer systems transmitting and receiving them, etc. or exploit them to acquire information about the user, financial information, etc. In other instances third parties seek to download tracking software, viruses etc. to the user's computer systems. Today these include, but are not limited to, message intercepting, email logging, hacking, spamming, phishing, spyware, malware, keyloggers, screen capturing, Trojan horses, WWW robots (BOTs or bots), IP spoofing, man-in-the-middle attacks, worms and viruses.
Accordingly, with electronic messaging (EM) it is important to distinguish between Internet and internal EM systems. With the Internet an EM may travel and be stored on networks and computers outside the sender's or the recipient's control. During the transit time it is possible that third parties read or even modify the content. In contrast, internal EM systems, in which the information never leaves the organizational network, may be more secure, although information technology personnel and others whose function may involve monitoring or managing may be accessing the email of other employees. However, even with internal EM systems a successful penetration of the firewall(s) and other network security measures of the organization may result in information being sent outside the internal EM systems.
Accordingly, whilst it does not prevent interception, the exploitation of encryption techniques should prevent the message content being immediately visible to the interceptor. Within an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, encryption schemes usually exploit a pseudo-random encryption key generated by an algorithm although other encryption keys may be employed. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme using such pseudo-random encryption keys, large computational resources and skill are required. An authorised recipient can easily decrypt the message with the key, provided by the originator to recipients but not to unauthorised interceptors.
Other techniques seeking to remedy the third party attacks and intercepts include Virtual Private Networks or The Onion Router (Tor) anonymity network can be used to encrypt traffic from the user machine to a safer network while GNU Privacy Guard (GPG), Pretty Good Privacy (PGP), Secure/Multipurpose Internet Mail Extension (S/MIME) exploiting traditional public key cryptography, and SMEmail exploiting elliptic curve cryptography, can be used for end-to-end message encryption, and Simple Mail Transport Protocol and STARTTLS (SMTP over Transport Layer Security/Secure Sockets Layer) can be used to encrypt communications for a single mail hop between the SMTP client and the SMTP server.
However, these prior art methodologies are intended to protect the message by converting the plaintext at the sender's terminal to ciphertext for transmission before it is re-converted to plaintext at the receiver's (or recipient's) terminal. However, once decrypted the message content, now in plaintext is accessible to malware, Trojan horse software, etc. upon the recipient's terminal allowing its contents to be acquired and transmitted without the recipient's and/or sender's knowledge.
Accordingly, it would be beneficial to provide users with methods and systems enabling secure messaging to be undertaken as well as secure document transmission and viewing that overcomes the limitations within the prior art. Accordingly, beneficially embodiments of the invention provide secure messaging and secure document transmission even upon potentially compromised desktop computers.
Other aspects and features of the present invention will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.