The present invention relates generally to methods and systems for facilitating the transmission of secure messages over an insecure network and, in particular, is directed to methods and systems for encapsulating security procedures, a recipient's security procedure information, and electronic mail address information in a software object.
The Internet has quickly become a popular tool for communicating and conducting business. The Internet is a very large network of smaller interconnected local area networks (LANs) and wide area networks (WANs). By 1995, Internet access was available in 180 countries and there were more than 30 million users. Many expect that the number of worldwide users of the Internet will exceed 100 million by the year 2000.
People communicate with one another over the Internet using electronic mail, that is, e-mail. Using e-mail, a user on the Internet can transfer messages entered from the keyboard or attach and send large electronic files to another user on the Internet almost instantaneously. As used herein, the term "message" includes not only text messages but also files, documents, and any other data to be transmitted from a sender to a recipient, and any combination thereof unless the context indicates otherwise. The Internet is also used to conduct a broad range of commercial and financial transactions. Parties use the communication capabilities of the Internet to enter into contracts electronically and use electronic funds transfers (EFTs) to satisfy the resulting financial obligations. An EFT involves the movement of funds from one bank account to another in response to electronically-communicated payment instructions.
Although the Internet offers a fast, reliable, and efficient way to communicate and conduct business, information transmitted can be vulnerable to security breaches. Without adequate security controls, privileged and confidential communications, financial information, and other communications involving private data that are sent via e-mail could possibly enter the public domain with disastrous results. Professionals and their clients may be exposed to significant risks including financial liabilities or the career-ending loss of professional status.
Technologies currently exist that allow a user to protect private information transmitted over the Internet. Public-key cryptography, for example, is a process that allows users to secure communications with the use of a public-private key pair. Using public-key cryptography, a sender of confidential information uses a public-key algorithm and a public key specified by the intended recipient to encrypt the data. The encrypted data can then be transmitted via any public means, including the Internet, without loss of privacy. The intended recipient uses a private key known only to the recipient and a public-key algorithm to decrypt the data. For more details on public-key cryptography, see Bruce Schneier, Applied Cryptography (1996), pp. 31-34.
Many software providers have developed software products designed to make digital security and public-key cryptography more convenient for the user. One such software package is the Pretty Good Privacy ("PGP") software package offered by Pretty Good Privacy, Inc. Even using software like PGP, however, the process of sending an encrypted document may still be too difficult or time-consuming for many users. First, before sending an encrypted e-mail to a recipient, for example, the sender must first obtain the recipient's public key. Even if the key is posted on a public or corporate key server, the sender will have to spend some amount of time to find and access it. Second, the sender must import the recipient's key into his or her operating version of the encryption software by, for example, cutting and pasting the key text from the key server's page or typing in the key information directly. Both methods are prone to errors and, as a result, the encryption feature will not function properly. Lastly, even if the sender implements the encryption software correctly, the intended recipient may not be operating a compatible software package.
The present invention provides methods and systems for facilitating the transmission of a secure message across an insecure network by encapsulating a security procedure that is compatible with the recipient in a security software object that is transmitted to the sender. The present invention further provides methods and systems for facilitating transmission of a secure message across an insecure network by encapsulating security information used by the security procedure, such as the recipient's public key, in the security software object.
The present invention further provides methods and systems for transmission of a secure message across an insecure network by encapsulating the recipient's communications procedure and routing information to facilitate transmitting the encrypted data to an intended recipient.