This invention relates to a system for, and method of, proving the transmission, and the content of a reply by a recipient to a message transmitted by a sender to the recipient and proving the receipt of the reply by the sender.
In recent years e-mail has become an indispensable business tool. E-mail has replaced “snail mail” for many business practices because it is faster, cheaper and generally more reliable. But there remain some mail applications where hard copy is still dominant, such as registered and certified mail. For example, when a letter is sent by certified mail the sender is provided with a receipt to prove that the letter was mailed. A returned registered mail receipt adds the Postal Service's confirmation that the letter was successfully delivered to the addressee or the addressee's authorized agent. Additionally, private couriers such as Federal Express® and United Parcel Service® (UPS) provide some type of delivery confirmation. Since every piece of courier mail is, in effect, registered, it is natural for consumers to turn to these services when they want proof of delivery.
Many existing e-mail systems and e-mail programs already provide for some form of proof of delivery. For instance, some e-mail systems today allow a sender to mark a message with “request for notifications” tags. Such tags allow a sender to request notification that the message was delivered and/or when the message was opened. When a sender requests delivery notification, the internet e-mail system may provide the sender with an e-mail receipt that the message was delivered to the mail server or electronic in-box of the recipient. The receipt message may include the title of the message, the destination address, and the time of delivery. It may also include (depending on the types of “flags” that are provided and activated in the mailing software) a list of all the internet “stations” that the message passed through en route to its destination. This form of reporting is built into some of the rules and protocols which implement e-mail. Furthermore, when a message is sent with a “read notification” request, the recipient's e-mail program may send to the sender an e-mail notification that the recipient opened that message for reading. Many electronic mail clients can and do support this kind of reporting; however, internet protocols do not make this mandatory.
However, this does not mean that an e-mail sent with a notification request is as effective in all respects as registered mail. People certify and register letters because they want proof of delivery, e.g., proof that can be used in a civil or criminal proceeding, or proof that will satisfy a supervisor or a client or a government agency that a message has been sent, a job has been done, an order placed, or a contract requirement satisfied.
A registration receipt from the United States Postal Service (USPS) constitutes proof of delivery because the USPS stands behind it. The receipt represents the Post Office's confirmation that the letter or package in question was actually delivered to the addressee or his authorized representative. On the other hand, various hurdles exist to an e-mail receipt being admitted and relied upon as persuasive evidence in a court of law as a proof that the message was delivered. After all, the receipt may be just another e-mail message that could have been altered or created by anyone, at any time.
There exists a need for an e-mail system and/or method that can provide reliable proof of the content and delivery of an e-mail message in order to take fuller advantage of the convenience and low cost of communicating via e-mail.
To meet this need some systems have been established whereby senders may receive third party proof of delivery by enrolling in services whereby:
a) The sender transmits an electronic message to a third party together with a list of the document's intended recipients.
b) The third party sends a notification to each of the message's intended recipients inviting them to visit the third party's web site where the message can be viewed.
c) If the intended recipient visits the third party's web site to view the message, the third party records this visit so that the sender may know that his message has been read by the recipient.
The drawbacks of such systems are manifold. In the first place, they rely essentially on the co-operation of the recipient of the e-mail to collect his or her messages from the third party's service. But the circumstances in which a sender may want proof of delivery of a message are often ones in which it cannot be assumed that the intended recipient will co-operate in receiving the message. In such cases, e.g. where acknowledging receipt of the message would place a financial or legal burden on the recipient, the recipient can simply ignore the notification that mail is available for him to receive. Note that there is nothing in such a system to guarantee that the intended recipient has received notification of waiting mail. In the second place, such systems are cumbersome and slow to use as compared to regular e-mail insofar as it can require the sender and/or the recipient to connect to a World Wide Web site to send, collect and verify the delivery of each message. Moreover, transmission of documents by such methods may require both sender and receiver to upload and download files to a web site. Finally, because these methods require the third party to retain a copy of the whole of each message until such time as they are collected or expired, the methods can require its provider to devote substantial computational resources to data storage and data tracking over an extended period of time. As an alternative method of providing proof of delivery, some systems provide proprietary e-mail clients or web-browser plug-ins that will notify senders when a message has been received provided that a recipient uses the same e-mail client. The obvious disadvantage of such systems is that they require both sender and recipient to use the same e-mail client.
Therefore, there exists a need for an e-mail system/method that (1) can provide reliable proof of the content and delivery of electronic messages, (2) which does not require the compliance or co-operation of the recipient, (3) requires no special e-mail software on the part of sender or recipient, (4) operates with the same or nearly the same convenience and speed of use as conventional e-mail, and (5) can be operated economically by a service provider.
In co-pending application Ser. No. 09/626,577, filed by Dr. Terrance A. Tomkow and assigned of record to the assignee of record of this application, a system and method are disclosed and claimed for reliably verifying via secure and tamper-proof documentation the content and delivery of an electronic message such as an e-mail. Ideally, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 will give e-mail and other electronic messages a legal status on a par with, if not superior to, that of registered United States mail. However, it is not necessary to the invention that any particular legal status is accorded to messages sent according to the methods taught in co-pending application Ser. No. 09/626,577, as the invention provides useful information and verification regardless.
The invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes an electronic message system that creates and records a digital signature of each electronic message sent through the system. An originator may send a copy of the electronic message to the system or generate the electronic message within the system itself. The system then forwards and delivers the electronic message to all recipients (or to the designated message handlers associated with the recipients), including “to” addressees and “cc” addressees. Thereafter, the system returns a receipt of delivery to the originator of the electronic message. The receipt includes, among other things: the original message, the digital signature of the message, and a handshaking and delivery history including times of delivery to the recipients and a digital signature of the handshaking and delivery history. To later verify and authenticate information contained in the receipt, the originator or user sends a copy of the message, the digital signature of the message and the receipt to the system. The system then verifies that the digital signature is the digital signature of the original message. The system then sends a letter or provides other confirmation of authenticity verifying that the electronic message has not been altered.
The receipt may also include a digital signature of the handshaking and delivery history. The system may verify that this digital signature is a digital signature of the handshaking and delivery history. This provides a further verification that the message has not been altered.
The system disclosed and claimed in co-pending application Ser. No. 09/626,577 may include a form of e-mail server connected to the internet, which can be utilized in many ways. For instance, individual users can register their electronic messages, such as e-mails, by sending a “carbon copy” (“cc:”) to the system or composing the message within the system itself. For corporate or e-commerce users, these users can change their server to a server incorporating the present invention and have all of their external electronic messages registered, with the option of having the system retain and archive the receipts. The system can accept and verify encrypted electronic messages and manage the electronic messages within and/or outside a “fire wall.” For web-based users, i.e., individuals or corporations using web-based e-mails, such as MSN Hotmail® or Yahoo Mail®, such users could check a box or otherwise set a flag within their e-mail programs to select on a case-by-case basis whether to make the e-mails of record and/or to archive the messages using the system disclosed and claimed in co-pending application Ser. No. 09/626,577.
The digital signature can be created using known digital signature techniques, such as by performing a hash function on the message to produce a message digest and then encrypting the message digest. Separate digital signatures can be created for the body of the message, any attachments, and for the overall message including the body, the attachments, and the individual message digests. The encrypted message digest provides one type of message authentication or validation code, or secure documentation. Other message authentication and/or validation codes may also be generated and used.
In one aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 is a method of providing proof regarding the delivery and content of an electronic message, comprising: receiving from a sender across a computer network an electronic message, the message having a delivery address associated therewith; computing a message digest according to the message; encrypting the message digest; sending the message electronically to a destination corresponding to the delivery address; recording the Simple Mail Transport Protocol (SMTP) or Extended SMTP (ESMTP) dialog which effects the delivery of the message; receiving Delivery Status Notification information associated with the message and the delivery address; providing to the sender an electronic receipt, the receipt comprising: a copy of the message, the encrypted message digest, the (E)SMTP transcripts, and at least a subset of the Delivery Status notification information, and, at a future date, receiving electronically the electronic receipt from the sender, verifying that the encrypted message digest corresponds to the message, and verifying that the message was received by an electronic message handler associated with the delivery address.
In another aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes a method of verifying delivery of an electronic message, comprising: in a wide area network computer system, receiving an electronic message from a message sender for routing to a destination address; establishing communication with an electronic message server associated with the destination address, the server defining a destination server; querying the destination server to determine whether the destination server supports Delivery Status Notification (DSN) functionality; receiving a response to the query, the query and response together defining an SMTP dialog; requesting Delivery Status notification information from the destination server according to results of the SMTP dialog; transmitting the electronic message to the destination address; receiving DSN information from the destination server with respect to delivery of the electronic message; and providing to the message sender at least a portion of the SMTP dialog, and at least a portion of the DSN information.
In yet another aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes a method of verifying content of a received electronic message, comprising: receiving the electronic message; generating a digital signature corresponding to the content of the received message; providing the message and the digital signature to a designated addressee; and, at a later time, verifying that the digital signature is the digital signature of the message.
In accordance with still another aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, the method includes establishing whether a message was electronically received by a recipient, comprising: providing a message to be dispatched electronically along with a recipient's address from a sender; creating a signature associated with the message; dispatching the message electronically to the recipient's address; tracking the message to determine a final Delivery Status of the message dispatched to the recipient's address; upon receiving final Delivery Status of the message, generating a receipt, the receipt including a copy of the message, the signature, and the final Delivery Status for the message; and providing the receipt to the sender for later establishing that the message was electronically received by the recipient.
In accordance with yet another aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, a method is provided for proving that an electronic message sent to a recipient was read, comprising: providing an electronic message along with a recipient's address; calculating a digital signature corresponding to the electronic message; dispatching the electronic message electronically to the recipient's address; requesting a Mail User Agent (email client “reading”) notification from the recipient; upon receiving the reading notification, generating a reading receipt, the reading receipt including a copy of the message, the digital signature for the corresponding electronic message, and a second digital signature for the reading receipt from the recipient; and providing the reading receipt for later verification that said message was received by the recipient.
The verification discussed in the previous paragraph may be provided by hashing the message to provide a first digital fingerprint and decrypting the digital signature of the message to provide a second digital fingerprint and by comparing the two digital fingerprints. The verification discussed in the previous paragraph may be further provided by hashing the reading receipt from the recipient to provide a third digital fingerprint, by decrypting the digital signature of the reading recipient from the recipient to provide a fourth digital fingerprint and by comparing the third and fourth digital fingerprints.
In accordance with another aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, a method is provided for validating the integrity of a purported copy of an electronic message, comprising: receiving the purported electronic message copy, said purported copy including an encrypted message digest associated therewith; decrypting the encrypted message digest; generating a second message digest based on content of the purported copy; and validating the purported copy by comparing the decrypted message digest and the second message digest to determine whether the two message digests match.
In accordance with a still further aspect of the invention disclosed and claimed in co-pending application Ser. No. 09/626,577, a method is provided for validating a received registered e-mail, comprising: receiving an electronic receipt, said receipt including a base message and an encrypted message digest; decrypting the encrypted message digest; generating a second message digest from the base message; and validating the e-mail if the decrypted message digest matches the second message digest.
In yet another aspect, the invention disclosed and claimed in co-pending application Ser. No. 09/626,577 includes a website at which users can go to send and receive secure messages, with the website host acting as an independent third party which will send and receive the messages and provide secure documentation regarding the content and delivery of the messages.
In co-pending application Ser. No. 09/626,577, an authentication of a message provided by a sender to a server and sent by the server to a recipient is provided by the server to the sender. In one embodiment, the server transmits the message to a recipient. The message may pass through intermediate stations before it reaches the recipient. These intermediate stations and the times of the transmission to these intermediate stations are recorded. Other intermediate stations between the recipient and the server provide a record of their operations and the time of their operations in passing all of the information relating to the transmission of the message from the server to the recipient and relating to the transmission of the recipient of the message.
In co-pending application Ser. No. 09/626,577, a server transmits a message from a sender to a recipient. The message may pass through intermediate stations before it reaches the recipient. These intermediate stations, and the time for the transmission of the message to the intermediate stations form a part of the record received at the intermediate station. The intermediate stations receiving this record in the transmission of the record from the recipient, and the times for the transmission of the record to the intermediate stations, are also included in the record received at the server. The server then transmission to the sender this record, the message, the digital signature of the message and the digital signature of the attachment(s) defined by the record(s) of the intermediate stations and the times of the transmissions to the intermediate stations.
When the sender wishes to authenticate the message and the file history of the transmission of the message between the sender and the recipient, the sender transmits this information to the server and the server processes this information to provide the authentication.
Generally the server is hired by the sender to act as the sender's agent in transmitting a message electronically to a recipient. Since the server acts as the sender's agent, the sender is interested in authenticating that the server has transmitted the message properly to the recipient and in authenticating the time of transmission of the message to the recipient. The system and method disclosed and claimed in co-pending application Ser. No. 09/626,577 provides these authentications.
Sometimes the recipient is interested in authenticating the message transmitted to the recipient and in authenticating the time of the transmission of the message to the recipient. For example, this is important when the sender is a United States or state court, and the recipient is an attorney involved in representing a client in a matter before the courts and the message relates to a document that the attorney has to file on a short time basis in the court. Under such circumstances, the attorney may wish to have the message authenticated promptly and the time of the transmission of the message to the attorney authenticated promptly. As will be appreciated, any system of method addressing this problem should be simple, prompt and reliable.
The mostly widely practiced methods for authenticating the authorship and content of electronic messages involve applications of Public Key Cryptography. In such methods the sender of the message computes a digital digest or “hash” of the contents of the message and encrypts this information, together with other information identifying the sender, using the sender's private encryption key. The encrypted information is included as an attachment to the message. Upon receiving the message, the recipient authenticates its authorship and content by applying the sender's public encryption key to decrypt the attachment and then compares the decrypted digital digest with a digital digest of the received message.
There are several shortcomings with this system:                The system requires that the recipient posses software capable of performing the necessary cryptography and posses the requisite decryption keys. Some of the most commonly used mail clients, e.g., web based mail client, lack this capacity. The method is not universal among e-mail clients.        When a message is “digitally signed” in this manner any change to the message however innocent will result in a failure to authenticate. For example, the changes typically introduced into a message by forwarding it from most e-mail clients will change the message's digest and will result in a failure to authenticate. PKI digital signatures are, in this sense, fragile.        Finally, when a message fails to authenticate because it has changed, it is for all practical purposes, impossible for the recipient to know which portion of the message has changed or to reconstruct the original message. The method is not resilient.        
A system which provides senders with proof of delivery or sending and proof of content for electronic messages can provide users with a valuable record of their outbound communications. But users may also sometimes wish to have proof that a correspondent has replied to the message and of the content of that reply. Thus, for example, a contractor might e-mail a client an offer to perform a job of work for a stated fee and might wish some method of proving that the client replied approving the work. Mere possession of an email apparently from the client might not constitute such proof since e-mails can be easily forged or altered.