1. Field of the Invention
The present invention relates to encryption and mechanisms for screening data. More specifically, the present invention relates to a method and an apparatus for performing content screening on data that is protected by end-to-end encryption.
2. Related Art
The advent of computer networks has led to an explosion in the development of applications, such as electronic mail, that facilitate rapid dissemination of information between computer systems across computer networks.
One problem with sending information across computer networks is that it is hard to ensure that sensitive information is kept confidential. This is because a message containing sensitive information can potentially traverse many different computer networks and many different computer systems before it arrives at its ultimate destination. An adversary can potentially intercept a message at any of these intermediate points along the way.
One way to remedy this problem is to xe2x80x9cencryptxe2x80x9d sensitive data using an encryption key so that only someone who possesses a corresponding decryption key can decrypt the data. (Note that for commonly used symmetric encryption mechanisms the encryption key and the decryption key are the same key.) For example, a person sending sensitive data across a computer network can encrypt the sensitive data using the encryption key before it is sent across a computer network. At the other end, the recipient of the data can use the corresponding decryption key to decrypt the data.
Another problem with transferring data across a computer network is that it is hard to ensure that data which is received from the computer network is harmless. For example, the data may contain a computer virus, which can harm a computer system, or the data may contain information that violates a company policy.
In order to remedy this problem, communications entering a protected group of computer systems can be channeled through a xe2x80x9cfirewall.xe2x80x9d This allows the firewall to perform xe2x80x9ccontent screeningxe2x80x9d in order to filter out harmful or unwanted communications from entering the protected group of computer systems.
Unfortunately, the use of a firewall can interfere with encryption. The most secure method of encryption is xe2x80x9cend-to-end.xe2x80x9d End-to-end encryption typically entails setting up an encrypted xe2x80x9ctunnelxe2x80x9d between processes on different computer systems in order to allow the processes to communicate with each other. All communications passing through the tunnel are encrypted using a session key, which is negotiated between the processes during initialization of the tunnel.
In order to perform content screening, existing systems terminate an encrypted tunnel at the firewall. This allows the firewall to perform the content screening, but it does not provide end-to-end encryption for the communication.
Another solution is to perform the content screening after a message reaches a client computer system within the firewall. For example, virus scanners typically operate on a client computer system. Performing content screening on a client computer system makes it possible to provide end-to-end encryption. However, there are a number of drawbacks in doing so. (1) Content screeners (such as virus scanners) often require updating more frequently than a client system is likely to be updated. (2) Content screeners must often be explicitly activated by a user of the client computer system in order to screen the data. (3) Also, client computer systems within the firewall may not be completely trusted to enforce a content screening policy.
Hence, what is needed is a method and an apparatus for providing content screening in a system that provides end-to-end encryption without performing the content screening at a destination computer system.
One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message and an encrypted message key at a destination from a source; the encrypted message having been formed by encrypting the message with a message key; the encrypted message key having been formed by encrypting the message key. The destination forwards the message to a content screener in a secure manner, and allows the content screener to screen the message to determine whether the message satisfies a screening criterion. If the message satisfies the screening criterion, the destination receives a communication from the content screener that enables the destination to process the message.
In one embodiment of the present invention, the system decrypts the encrypted message key at the destination to restore the message key, and forwards the message key along with the encrypted message to the content screener. This enables the content screener to decrypt the encrypted message using the message key.
In one embodiment of the present invention, the system decrypts the encrypted message key at the destination to restore the message key, and then decrypts the encrypted message with the message key to restore the message before sending the message to the content screener.
In one embodiment of the present invention, the system receives the encrypted message and the encrypted message key at the destination via a firewall. The firewall encrypts the encrypted message with a second message key, which is known to the content screener, but is not known to the destination. Upon receiving the encrypted message and the encrypted message key, the destination decrypts the encrypted message key to restore the message key, and sends the message key along with the encrypted message to the content screener.
In a variation on this embodiment, receiving the communication that enables the destination to process the message includes receiving the encrypted message from the content screener after the encrypted message has been decrypted with the second message key, so that the destination is able to decrypt the encrypted message with the message key.
In another variation on this embodiment, receiving the communication that enables the destination to process the message includes receiving the second message key from the content screener. This second message key enables the destination to decrypt the encrypted message.
In one embodiment of the present invention, the content screener screens the message by, screening the message for a virus, screening the message in order to detect a policy violation within the message, or screening the message to detect keywords of interest in the message.
In one embodiment of the present invention, the system forwards the message to the content screener in the secure manner by forwarding the message to the content screener in the clear under protection of a firewall; encrypting the message with a content screener public key belonging to the content screener prior to forwarding the message; encrypting the message with a secret key known to the content screener prior to forwarding the message; or forwarding the encrypted message to the content screener without decrypting the encrypted message.