The present invention relates to improving the security of data transmission between computers across a global network of computers, i.e., the Internet. In particular, the present invention is directed to a method and system for improving the security of messages transmitted from a client to a network server and then to a destination server on the same (intranetworks) or different (internetworks) network systems.
Computer networks, particularly internetworks, can be vulnerable to security breaches. The degree of security of each component in the network differs, in part because each entity may be protected by varying layers of physical and operational security. Furthermore, each component or network in an internetwork may be owned or controlled by different organizations whose security practices differ widely. The interconnections between the computers may be similarly insecure. Part of the network may use physically insecure links, such as telephone lines or microwave links; hackers and interlopers may eavesdrop on or intercept communications over the telephone line and modify them according to their wishes or copy them for later use. Interlopers who copy login and/or command information have the potential to use that information to gain access to other computers on the network.
An internal computer network (an intranet) or an external global computer network (the Internet) uses standard communication protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP) to transfer messages and data from one computer system to another. However, many email transmissions and file transfers are not directly supported by TCP/IP but instead are implemented through application-specific protocols that rely on TCP/IP for basic data transport services. Most email transmissions are in fact sent as unencrypted data in clear text format that may be intercepted and read by those other than the intended recipient.
Prior art systems have been developed to address network security issues. For example, two authentication protocols, Secure Sockets Layer (SSL) and Hyper Text Transfer Protocol Secure (HTTPS), have been designed specifically to protect the information being transmitted across the Internet by using encryption. Both the client and the destination server must support SSL. SSL is an independent application that operates at the Transport layer, meaning that it operates with application protocols such as HTTP, FTP, Telnet, Gopher, Network News Transfer Protocol (NNTP), and Simple Mail Transfer Protocol (SMTP). SSL supports several cryptographic algorithms to handle the authentication and encryption routines between the client and the server.
Encryption mechanisms have been developed to ensure the integrity of information sent over the Internet. Two common encryption techniques are symmetric key encryption and public key encryption. In a symmetric key encryption, a unique key is identified and used by the sender to encrypt and by the receiver to decrypt a message. In public key encryption, separate keys are used to encrypt and decrypt.
Both symmetric key and public key encryption require a key exchange. That is, where symmetric key encryption is used, the sender must provide the recipient with the key so that the recipient can decrypt an associated message. In public key encryption, the key exchange includes the publication of a recipient's public key that in turn is used by the sender to encrypt a message. A corresponding private key is used by the recipient to subsequently decrypt the encrypted message. Publication can be by posting the public key, for example, to a central site, or by providing the public key directly to the sender.
In these scenarios, the recipient's computer must include a decryption engine (software that uses an appropriate key to decrypt the message). Because there are a variety of encryption algorithms being used on the Internet, a recipient needs to have many different types of decryption engines installed to be able to receive secure messages universally. If the intended recipient does not have a particular decryption engine, the sender cannot utilize that particular encryption technique to send the secure message. For those recipients who do not have any decryption engine installed, the message simply cannot be sent securely.
A common solution to this problem is to install software-based applications onto local email servers that encrypt email text and then require a recipient to provide a key or identifier to decrypt the message. This requires the sender to communicate the key or identification protocol that must be used by a recipient in order to decrypt and receive the message. Some software-based applications may use internal identifiers and time certificates to verify the identification of the sender and recipient and automatically allow an encrypted message to be received between the identified sender and recipient, based upon software and encryption/decryption protocols installed by the sender and recipient. However, if the encryption/decryption software protocols are not installed or are incompatible between the sender and recipient, then either the message cannot be received, or conversion and extraction software protocols must be used to modify the sender's or recipient's email transmission protocols in order to allow an encrypted message to be read.
The application of a forwarding server that modifies and re-encrypts an encrypted email message to match the delivery preferences of a recipient is described by Cook in U.S. Pat. No. 6,732,101. This application, however, requires the sender and recipient to create public and private keys that are used by the software application to allow a wrapping application to secure the email transmission by adding an additional layer to the message that allows decryption of the message only if the proper public and/or private key is provided.
Cook further describes a web browser application that would allow access to minimally secured messages from a sender to a recipient that does not have the proper encryption protocols installed. The web browser communication would use a Secure Socket Layer (SSL) protocol to allow access to the minimally secure email messages. However, to view highly secure encrypted messages, the recipient must be fully configured with decryption tools and programs to access the secure transmission.
A need exists for a secure email transmission protocol that does not require specialized and compatible encryption software but would allow encrypted messages to be received by email servers that do not have decryption tools in order to accept and access encrypted messages. The solution is to provide a secure email server that allows only the intended recipient of a message to log onto and view the encrypted message and wherein the secure email server does not require the recipient to install additional software to access the encrypted message on the secure server.