1. Field of the Invention
The present invention relates generally to a certified email system capable of receiving email messages (with any attachments) from any sender computing device; requesting and receiving a trusted third-party time stamp; generating time-stamp notifications; verifying a time stamp of a file or email (with any attachments); parametric searching of archived and time-stamped emails and files; and creating detailed pass-through client/project billing.
2. Description of the Prior Art
The most important business communication system in the world is email. Email has increasingly taken the place of paper-based mail in everyday communication among individuals and between clients, customers, suppliers, business partners and associates. However, paper mail is still used for official correspondence or when a document is delivered to meet a deadline, because paper mail has provided certain advantages that email has heretofore been unable to satisfactorily replicate. Certified paper mail provides an official record through the United States Postal Service that a document was sent, but email systems which seek to provide a verification of sending are cumbersome, typically requiring email to be sent through a web interface or requiring the installation of specialized software or hardware, and wholly dependent upon the reliability of the system provider. Furthermore, many email verification systems have additionally required the cooperation of the email recipient, whether by logging in to a web interface or installing specialized software. This is a significant drawback for any system which does not enjoy near universal usage, and it is a prohibitive obstacle when sending email to recipients who may not want to receive the email, such as would be the case with an emailed eviction notice or the like.
This challenge has been of particular impact to business and other sectors, such as the legal profession, where a significant proportion of correspondence needs proof of service or receipt to meet legal codes and deadlines.
Separately, many businesses charge their clients for expenses incurred while performing work for them, so the fees for certified mail are passed on to these clients. Past email and document certification systems have failed to provide any integrated project or client tracking. Their use would therefore require either a time-consuming manual effort to determine which email might be charged to which client after they are sent, or a tedious process in which a notation of the related client or project would have to be made before each email sent.
Additionally, projects are often assigned to teams having a need for a centralized location to access and to collaborate on a variety of files, documents, and/or emails. Or, in the context of the legal profession, opposing counsel may find benefit in a mutually accessible multi-party digital file depository. Although various archiving and content management systems are available, they do not provide convenient time-stamping of important documents and emails, so do not provide confirmation of data integrity or authentication.
Further, time-stamp verification methods are currently cumbersome. For example, an end user may be presented with an email and a time stamp, with the assertion made that the time stamp verifies the content and date-and-time of sending. Yet to determine if the assertion is true, the end user has to research how to verify the email with the time stamp and then has to perform the steps discovered. This is neither simple nor straightforward. Thus, an easy-to-use verifying tool could be advantageously used with time-stamped emails.
U.S. Pat. No. 7,162,635 issued to Bisbee proposes a system for registering a document in order to provide proof of existence and possession at a particular time. Bisbee's method utilizes a key proprietary to the document's possessor to cryptographically sign a document, and a trusted third party to verify and time-stamp the cryptographically signed document, as well as to cryptographically re-sign it. The Bisbee system provides only proof of existence and possession, and does not provide any means to determine the delivery of the document to any party or to determine the opportunity of any party to have knowledge of the contents of the document.
U.S. Pat. No. 6,327,656 issued to Zabetian provides for a verification system for confirming the delivery of an email. Zabetian's method relies on a trusted third party extracting a digital signature, or unique HASH, from an original document; the HASH is then stored. At some later point in time, the original document can be authenticated by extracting a HASH and by comparing the newly extracted HASH to the first HASH. Zabetian further provides a system for utilizing the verification method to certify emails. This method involves sending an email to a certification server at a trusted third party, such email containing information indicating the intended ultimate recipient of the email and a document to be certified. The certification provider then extracts a digital signature from the document to be certified, records the signature and time, constructs a new email which contains the certified document, and sends the constructed email to the ultimate recipient.
Zabetian's method presents several drawbacks. Since only the unique HASH is stored, this method provides no way for a document to be later retrieved or recreated from the trusted third party should the original copy be lost. Furthermore, this method at no point utilizes cryptographic signing to verify the original possessor or sender of the document. Additionally, the certification provider is the only provider of a time stamp, and is thus required to be fully trusted. There is no provision for obtaining a certification from another provider to obviate complete reliance on the certification provider. Proof of receiving, time, date, and contents of all rely on the integrity of the certification provider for their accuracy.
Finally, the intermediary step in the email delivery process of generating a new email at the trusted third party's certification server causes the sender of the email received by the ultimate recipient to be other than the original sender. This introduces a level of uncertainty as to the authenticity of the email, as well as significantly increasing the chance that the email will be filtered as spam, as the sending email address will not be on any white list utilized by the ultimate recipient, thus leading to a substantially increased likelihood of the email not being seen by the intended recipient.
U.S. Pat. No. 7,240,199 issued to Tomkow again provides for a system which can be utilized for confirming the delivery of an email. Like the Zabetian system, Tomkow's system relies on a system in which the original sender sends an email to a certification server at a trusted third party. In the Tomkow system, the certification server creates a unique HASH of the email and each of its attachments. The certification server then creates and sends new emails for each intended ultimate recipient, with each email from a unique address (based on the time the email was sent and other factors). Tomkow also provides for the possibility of archiving the contents of the email to the certification server, as well providing for obtaining information regarding the success or failure of the delivery to the various addressees.
The system disclosed by Tomkow faces many of the same drawbacks as that of Zabetian. Although the contents of the original sender's email to the certification server may be retained, there is no provision for retaining the email that was actually sent to the ultimate recipients. Since the actual contents of the emails sent to the ultimate recipients are dependent on the processing of the certification server, there is no guarantee of what was actually sent to each ultimate recipient. Likewise, Tomkow provides no facility for cryptographic signing, and requires that the certification provider be the provider of the time stamp. Tomkow has even more severe drawbacks than Zabetian in relation to obfuscating the original sender of the email, with each email to an ultimate recipient coming from a unique email address, so the ultimate user may not be able to set up any white list more stringent than one which allows any email purporting to be from the domain of the certification server. This opens any users of the system to easy exploitation by spam email vendors who may utilize these permissive filters to expose the users to a profusion of nuisance emails.
U.S. Pat. No. 7,051,370 issued to Wakino discloses a similar system in which an original sender sends an email containing original sender information, ultimate recipient information, billing information, and email content to a content verification server, the content verification server sends a request to bill the sender based on the billing information in the email, transmits the email content to the ultimate recipient, and transmits a receipt to the original sender. This system has essentially the same drawback as the Tomkow system and the Zabetian system, in that the email to the ultimate recipient is not from the original sender, but is from the content verification server, and that the time stamp information is obtained from and maintained by the content verification server with no facility to obtain a time stamp from a more trusted source.
U.S. Pub No. 2004/0255120 filed by Botti et al. provides a system for automatically submitting digital files for verification without the need for user intervention (upon occurrence of an event on a computer system, such as saving a document or a specified time of day) in which a file is sent to a remote server, the remote server extracts a unique HASH from the file, and the remote server applies a cryptographic signature to the file and a time stamp acquired from a secure clock. This system has similar drawbacks to the Wakino, Tomkow, and Zabetian systems in that the time stamp is acquired from a clock maintained by the remote server with no provision for integrating a more trusted entity. The Botti system further provides no system to verify the delivery of emails. While the Botti system does provide a system to verify whether a digital copy of a document is the same as an original time-stamped document by regenerating a HASH to compare to the digital signature of the originally submitted document, no provision is made for partial matches, such as email content-only matches.
U.S. Pat. No. 7,290,143 issued to Renier et al. provides a system that is superficially similar to the main function of the Zabetian, Tomkow, and Wakino systems, with some modifications; however, the main point of differentiation is that in the Renier system, the certification and other processing occurs on the telecommunication network having the mailbox associated with the addressee. This restricts the system to sending certified or time-stamped emails to recipients who are running a server implementing the Renier system, making the use of the system at the option of the recipient rather than the sender. This essentially precludes general use for sending certified emails to general users, who cannot be compelled to use mailboxes associated with a server capable of providing certification. Also, service costs cannot be associated with a client of the system user.
The time-stamping systems disclosed in U.S. Pat. No. 6,393,126 issued to van der Kaay et al., U.S. Pat. No. 6,209,090 issued to Aisenberg et al., U.S. Pub. No. 2004/0049521 filed by Borrowman, and U.S. Pub. No. 2005/0160272 filed by Teppler provide for time-stamping documents by relying on the replacement of a computer's internal clock with an assumedly more accurate or secure internal clock. The secure internal clock provides a time with which the local computer can time-stamp a document. All these systems rely on a local clock, which though more secure than a standard clock is still believed to be less secure than a clock maintained by a trusted third party, and the replacement of the local clock with a nonstandard-clock is both troublesome and likely to be error prone and is difficult to integrate with a standard business IT environment. Furthermore, none of the systems provide for any way to verify the delivery of emails or to verify received time stamps.
The system of U.S. Pat. No. 5,509,071 issued to Petrie, Jr. et al. provides a system which is intended primarily for secure purchase transactions, and therefore relies on extensive cooperation from the ultimate recipient. It is therefore not useful for the desired purpose of verification of delivery to a potentially uncooperative recipient, besides the drawback of requiring significant effort for even a cooperative recipient.
U.S. Pat. No. 7,237,114 issued to Rosenberg discloses a system for maintaining a secure cache of individuals' private keys or portions of individuals' private keys to ensure the secure maintenance of the private keys, and a system by which the keys can be temporarily reconstructed or used in a secure environment. The system therefore does not provide for time-stamping documents or verification of delivery of emails.
U.S. Pat. No. 5,872,849 issued to Sudia provides a system for splitting private keys, and though it utilizes public and private keys, it provides no application to certifying, signing or time-stamping documents.
U.S. Pub. No. 2007/0118732 filed by Whitmore discloses a system in which a user sends a file to a remote server, user inputs a username and password or otherwise has their credentials verified, and the remote server signs the document. This system does not provide any system for time-stamping the document, nor a way to verify the delivery of email.
U.S. Pub. No. 2007/0106912 filed by Tanaka provides a system for updating a time stamp over time to ensure that the certification is kept current, and as such is not concerned with the method by which the original time stamp is obtained.
Accordingly, there is an established need for an efficient certified email system and method that provides an end user with a simple interface, that is accessible from any type of email client or service on any sender computing device without requiring software installation, that allows for integrated pass-through client/project billing, that can be integrated with a convenient multi-party archiving and content management system, that provides effective searches of certified email, that provides convenient web-based automated verification services, and that provides digital evidence in the form of a verifiable time stamp of the time and date of sending of the email, of the contents of the email (and any attachments), and of the sender and recipient electronic-delivery addresses.