Patent application number | Description | Published |
20080263156 | Secure Transactional Communication - Systems for providing sign-up email addresses are disclosed herein. A user may set up a sign-up email address for receiving emails from a trusted, Internet-based enterprise. The user may set up a dedicated mailbox folder associated with the sign-up email address or enterprise. The email server may automatically direct emails coming from that enterprise into that folder. To “unsubscribe,” the user needs only to delete the folder or the sign-up address. Emails from the enterprise to the sign-up address may be highlighted in the user's main inbox. Thus, the user may be assured that any such email is truly from the enterprise, and not a phishing expedition or spam. Such systems also provide the user with effective tools to recognize phish or spam emails that appear to be from the trusted enterprise and not to act on them. | 10-23-2008 |
20090006851 | CONFIDENTIAL MAIL WITH TRACKING AND AUTHENTICATION - A method for confidential electronic communication between a sender workstation and a receiver workstation is provided, whereby privacy is guaranteed for the electronic communications transmitted over the public Internet. The method of confidential communication is equipped with message tracking and message receipt verification. The system for implementing the method includes a sender server that creates a session content encryption key along with a message envelope that includes a content encryption key encrypted message and a confidential mail token. The content encryption key is stored securely inside the sender organization's system, which transmits the message envelope to an intended recipient. The intended recipient processes the message envelope in order to generate a message receipt verification, which is transmitted to the sender. The message receipt verification is processed by the sender server to verify that the message envelope reached the intended recipient. The message receipt verification, which is comprised of the confidential mail token and unique verification data generated by the intended recipient, allows the sender server to verify that the message envelope reached the intended receiver and that the message envelope identified as received is authentic. Following verification that the message transmitted by the sender reached the intended receiver and is authorized, the sender transmits the content encryption key to the intended receiver. | 01-01-2009 |
20090319781 | SECURE MESSAGE DELIVERY USING A TRUST BROKER - An email security system is described that allows users within different organizations to securely send email to one another. The email security system provides a federation server on the Internet or other unsecured network accessible by each of the organizations. Each organization provides identity information to the federation server. When a sender in one organization sends a message to a recipient in another organization, the federation server provides the sender's email server with a secure token for encrypting the message to provide secure delivery over the unsecured network. | 12-24-2009 |
20090320109 | SIGNED EPHEMERAL EMAIL ADDRESSES - Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address. | 12-24-2009 |
20100306535 | Business To Business Secure Mail - Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server, and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users. | 12-02-2010 |
20110173272 | FILTERING OF ELECTRONIC MAIL MESSAGES DESTINED FOR AN INTERNAL NETWORK - A perimeter network may be utilized to filter electronic mail messages destined for an internal network. A computer may be utilized to monitor an electronic mail mailbox for changes to a safe recipients list and/or a blocked senders list. The computer may further be utilized to automatically copy the safe recipients list and/or the blocked senders list to a network directory in the internal network. The computer may further be utilized to automatically send the safe recipients list and/or the blocked senders list to a network directory in the perimeter network for utilization by one or more agents executing on a computer in the perimeter network. The one or more agents may be configured to utilize the safe recipients list and/or the blocked senders list to filter electronic mail messages received by the perimeter network which are destined for delivery to the internal network. | 07-14-2011 |
20120079268 | SEPARATING AUTHORIZATION IDENTITY FROM POLICY ENFORCEMENT IDENTITY - The present invention extends to methods, systems, and computer program products for separating authorization identity from policy enforcement identity. Embodiments of the invention extend the consumption phase for protected information. Two identities, an authorization identity and a policy enforcement identity, are used for acquiring, issuing and enforcing a usage license instead of one identity certificate. The authorization identity is used to evaluate against usage policy. The authorization identity is similar to identification information in an identity certificate. The policy enforcement identity is used to ensure the confidentiality of granted permissions and content key. The policy enforcement identity enforces a usage license on an authorization principal's (e.g., recipient's) machine. The policy enforcement identity's enforcement of a usage license is similar to the use of a cryptographic key in an identity certificate. | 03-29-2012 |
20120159268 | Alerting Recipients to Errors Occurring when Accessing External Services - A hosting provider operates a server system that provides a service to one or more tenants. The server system receives configuration data from the tenants. As part of providing the service to a given tenant, the server system attempts to access an external service due to the configuration data received from the given tenant identifying the external service. Service access errors can occur when attempting to access the external service. In response to determining that an error has occurred when attempting to access the external service, the server system sends a service access alert to a recipient associated with the given tenant. The service access alert notifies the recipient that the error has occurred. | 06-21-2012 |
20140245000 | SECURE MESSAGE DELIVERY USING A TRUST BROKER - An email security system is described that allows users within different organizations to securely send email to one another. The email security system provides a federation server on the Internet or other unsecured network accessible by each of the organizations. Each organization provides identity information to the federation server. When a sender in one organization sends a message to a recipient in another organization, the federation server provides the sender's email server with a secure token for encrypting the message to provide secure delivery over the unsecured network. | 08-28-2014 |
20140258435 | ALERTING RECIPIENTS TO ERRORS OCCURRING WHEN ACCESSING EXTERNAL SERVICES - A hosting provider operates a server system that provides a service to one or more tenants. The server system receives configuration data from the tenants. As part of providing the service to a given tenant, the server system attempts to access an external service due to the configuration data received from the given tenant identifying the external service. Service access errors can occur when attempting to access the external service. In response to determining that an error has occurred when attempting to access the external service, the server system sends a service access alert to a recipient associated with the given tenant. The service access alert notifies the recipient that the error has occurred. | 09-11-2014 |
20140331310 | SIGNED EPHEMERAL EMAIL ADDRESSES - Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address. | 11-06-2014 |