NONE
The present invention is directed to a secure electronic messaging system that notifies the sender of a message when the intended recipient has received the message.
To send electronic mail (e-mail) to a recipient, the sender generates the message contents, affixes to the message an identifier for each desired recipient, and transmits the message using the appropriate e-mail infrastructure. Proprietary e-mail products designed for departmental or enterprise use (Microsoft Exchange, Lotus Notes and Novell Groupwise, among others) are examples of such infrastructures. In addition, the Internet provides a standard infrastructure through which e-mail can be addressed and exchanged between senders and recipients outside the department or enterprise.
To send e-mail to a recipient across the Internet, a sender assembles the message contents, affixes to the message the Internet e-mail addresses of the desired recipients, and transmits the message using the Internet e-mail infrastructure. The Internet e-mail infrastructure consists of a group of cooperating mail transfer agents, which perform xe2x80x9cbest-effortxe2x80x9d delivery on behalf of the sender, using a xe2x80x9cstore and forwardxe2x80x9d mechanism. That is, when the sender transmits an e-mail message using the Internet e-mail infrastructure the message may pass through a number of intervening mail transfer agents, each of which takes responsibility for forwarding the message along the route to the eventual destination or destinations. From the sender""s viewpoint, once an Internet e-mail message has been transmitted, it is presumed to have been delivered to the recipient or recipients, unless notified otherwise. However, the sender cannot actually determine whether the recipient has in fact received the message, for example if one of the intervening mail transfer agents or network links has silently failed.
One solution to this latter problem is to set up an electronic xe2x80x9cpost officexe2x80x9d, such as that disclosed in U.S. Pat. No. 5,790,790 to Smith et al., whose contents are incorporated by reference to the extent necessary to understand the present invention. In such a system, a sender sends a message to a server and provides the recipient""s e-mail address. The server then notifies the recipient that the server holds the recipient""s message. Subsequently, the recipient downloads the message from the server and, when this happens, the server informs the sender that the recipient has retrieved the message. One drawback with this method, however, is that the message is transmitted through a mail transfer agent and held by a third party specially modified to generate return receipt information.
The present invention is directed to a method and apparatus that informs the sender of a message that the intended recipient has received a message, without having to send the message through a modified mail transfer agent.
More particularly, the invention implements a means for notifying message senders of an attempt by the recipient to access the contents of a message. Before sending a message, the sender contacts an external entity, known as a Key Server, to obtain an encryption key. The Key Server generates an pair of message keys, stores a copy of the decryption key, and returns the encryption key to the sender along with some information that can be used to retrieve the decryption key at a later time. The sender uses the encryption key to encrypt the message contents. The sender then transmits the message and the key retrieval information to the intended recipient using the existing mail infrastructure. When the recipient receives the message and wishes to read it, the recipient uses the key retrieval information provided in the message to retrieve the decryption key from the Key Server. When the key has been successfully obtained, the recipient decrypts the message to access the contents. When the Key Server determines that a particular decryption key has been retrieved, it notifies the original sender that the key has been retrieved. This basic methodology provides the sender with reasonable notification that the message was received by the intended recipient, and that the recipient has attempted to access the contents of the message.