1. Statement of the Technical Field
The present invention relates to message security, and more particularly to the offline securing of an electronic message.
2. Description of the Related Art
Electronic messaging applications, including electronic mail, text messaging and instant messaging, have proven to be the most widely used computing applications globally. Though electronic messaging applications, particularly electronic mail (“e-mail”), have been a commercial staple for several decades, due to the explosive popularity and global connectivity of the Internet, electronic messaging has become the preferred mode of communications, regardless of the geographic separation of communicating parties. Today, more electronic messages are processed in a single hour than phone calls. Clearly, electronic messaging as a mode of communications has been postured to replace all other modes of communications save for voice telephony.
Strictly speaking, electronic messages are documents which have been commonly formatted and which can be carried as a payload to a transport controlled message in an inter-process communications session between two or more computing devices. Messaging client software can be charged with the composition of the underlying payload and its configuration into a commonly recognizable format. Messaging client software further can be charged with the interpretation of a received message from its commonly known format into a presentable format which can be understood by the recipient.
Electronic messages, like their legacy counterparts, demand a high level of security in many circumstances. Unlike traditional paper messages, however, the identity of the author and/or the recipient cannot always be ascertained without difficulty. In addressing these difficulties, security technologies, including encryption and authentication, have been applied to the electronic messaging paradigm. In this regard, not only can the contents of a message be encrypted, potentially using highly secure, asymmetrical encryption techniques, but also the identity of the communicating parties can be assured through interactions with a certificate authority or some other such authenticating scheme.
To facilitate the signing and encryption of a message, or the authenticating and decryption of a received message, messaging systems—both client-side and server-side—can rely upon access to a centralized certificate authority acting as a common repository for publicly accessible encryption keys and certificates of identity. For occasional access, the use of a centralized certificate authority can suffice. For larger scale deployments, however, repeated access to a centralized certificate authority can be problematic in view of the resources required to repeatedly access a centralized data store of key and certificate information. Moreover, when a messaging client attempts to process a secure message while offline, it will not be possible to retrieve the necessary key and certificate information from a centralized repository.
To address the problem of incorporating messaging security to accommodate offline processing of secure messages, some messaging systems have included technology directed to security data replication, including key replication. In key replication, the content of a key store in an external certifying authority can be replicated to a local data store from which privately coupled clients can access the keys, whether online or offline. In this way, privately coupled clients need not access an external and remote network to locate a required key or certificate to process a secure message. The key replication process, itself, however, can be costly in terms of resource consumption. In fact, the size of the data retrieved from a remote key store can be staggering in that all keys are retrieved and stored during the replication process.