US2003196098A1PendingUtilityA1

E-mail firewall with stored key encryption/decryption

47
Assignee: TUMBLEWEED COMM CORPPriority: Jul 24, 1997Filed: Apr 21, 2003Published: Oct 16, 2003
Est. expiryJul 24, 2017(expired)· nominal 20-yr term from priority
H04L 63/0227H04L 51/212H04L 2209/76H04L 63/0245H04L 51/063H04L 63/0464H04L 63/0263H04L 51/224H04L 63/0428
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An e-mail firewall ( 105 ) applies policies to e-mail messages ( 204 ) between a first 5 site and a plurality of second sites in accordance with a plurality of administrator selectable policies ( 216 ). The firewall comprises a simple mail transfer protocol (SMTP) relay ( 202 ) for causing the e-mail messages ( 204 ) to be transmitted between the first site and selected ones of the second sites. A plurality of policy managers ( 216 ) enforce-administrator selectable policies. The policies, such as encryption and decryption policies, comprise at least a first source/destination policy ( 218 ), at least a first content policy ( 202 ) and at least a first virus policy ( 224 ). The policies are characterized by a plurality of administrator selectable criteria ( 310 ), a plurality of administrator selectable exceptions ( 312 ) to the criteria and a plurality of administrator selectable actions ( 314, 316, 322 ) associated with the criteria and exceptions. The policy managers comprise an access manager ( 218 ) for restricting transmission of e-mail messages ( 204 ) between the first site and the second sites in accordance with the source/destination policy ( 218 ). The policy managers ( 216 ) further comprise a content manager ( 220 ) for restricting transmission of e-mail messages ( 204 ) between the first site and the second sites in accordance with the content policy ( 220 ), and a virus manager ( 224 ) for restriction transmission of e-mail messages ( 204 ) between the first site and the second sites in accordance with the virus policy ( 224 ).

Claims

exact text as granted — not AI-modified
What is claimed is:  
     
         1 . A computer based encryption and decryption system comprising: 
 (a) means 
 (i) for determining whether digital input information including as content at least one of a body of a message and a file attachment is encrypted using a cryptographic key, and  
 (ii) for decrypting the digital input information using a private decryption key of a public key pair  
 prior to applying policies that analyze the content of the digital input information; and  
   (b) a policy manager configured to apply the policies, the policies including a virus policy for detecting and eradicating a detected virus;    wherein:    (c) the private decryption key is apart from the content of the digital input information and    (d) decryption is done without using decryption executables contained in a header corresponding to the digital input information when a header is present.    
     
     
         2 . The system of  claim 1 , wherein the means for decrypting decrypts the digital information content to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.  
     
     
         3 . The system of  claim 1 , wherein the means for decrypting decrypts the digital information content to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.  
     
     
         4 . The system of  claim 1 , wherein the means for decrypting uses a private decryption key which has been stored by the system.  
     
     
         5 . The system of  claim 1 , wherein the policy manager performs real time content analysis of the digital input information before allowing the digital input information to be passed to a designated recipient.  
     
     
         6 . The system of  claim 1 , wherein the policy manager is further configured to defer, quarantine, return to sender, or drop the digital input information as a result of the content analysis.  
     
     
         7 . A computer based encryption and decryption method, said method comprising the steps of: 
 (a) determining whether digital input information that includes as content at least one of a body of a message and a file attachment is encrypted;    (b) decrypting the digital input information without using decryption executables included in a header corresponding to the digital input information when a header is present if it is determined that the digital input information is encrypted; and    (c) providing content analysis including performing virus detection to facilitate eradication of a detected virus subsequent to decrypting the digital information.    
     
     
         8 . The encryption and decryption method of  claim 7 , wherein the step of providing content analysis includes decrypting the digital information content to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.  
     
     
         9 . The encryption and decryption method of  claim 7 , wherein the step of providing content analysis includes decrypting the digital information content to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.  
     
     
         10 . The encryption and decryption method of  claim 7 , wherein the step of decrypting includes using a private decryption key which has been stored by the system.  
     
     
         11 . The encryption and decryption method of  claim 7 , further including the step of deferring decrypted information prior to dissemination of the digital input information within the network.  
     
     
         12 . The encryption and decryption method of  claim 7 , wherein the step of providing content analysis includes the step of performing real time content analysis of the digital input information before allowing the digital input information to be passed to a designated recipient.  
     
     
         13 . A storage medium comprising: 
 a program executable by a computing mechanism that facilitates the following steps: 
 (i) determining whether digital input information that includes as content at least one of a body of a message and a file attachment is encrypted;  
 (ii) decrypting the digital input information without using decryption executables included in a header corresponding to the digital input information when a header is present if it is determined that the digital input information is encrypted; and  
 (iii) applying content analysis to the decrypted digital input information prior to allowing use of the decrypted digital input information, wherein content analysis includes performing virus detection to facilitate eradication of a detected virus.  
   
     
     
         14 . The storage medium of  claim 13 , wherein decrypting includes using a private decryption key which has been stored by the system.  
     
     
         15 . The storage medium of  claim 13 , wherein the program also facilitates decryption operation on the encrypted digital input information to facilitate content analysis prior to transferring of the digital input information for use by a target application.  
     
     
         16 . A computer based encryption and decryption system comprising: 
 (a) means 
 (i) for determining whether digital input information including as content at least one of a body of a message and a file attachment is encrypted using a cryptographic key, and  
 (ii) for decrypting the digital input information using a private decryption key of a public key pair prior to applying policies that analyze the content of the digital input information; and  
   (b) a policy manager configured to apply the policies, the policies including a virus policy for detecting and eradicating a detected virus; 
 wherein:  
   (c) the private decryption key is apart from the content of the digital input information and    (d) has been stored by the system for access at the time of decryption.    
     
     
         17 . The encryption and decryption system of  claim 16 , wherein the means for decrypting decrypts the digital information content to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.  
     
     
         18 . An encryption and decryption method comprising: 
 providing content analysis by determining whether digital input information that includes at least one of a file, document and at least part of a body of a message is encrypted and    generating a decryption request to a decryptor to decrypt the encrypted digital input information prior to applying content analysis to facilitate content analysis within the encrypted digital input information; and decrypting the encrypted digital input information prior to completion of the content analysis    wherein content analysis includes performing virus detection to facilitate eradication of a detected virus,    wherein decrypting is done without using decryption executables contained in a header corresponding to the digital input information, if a header is present.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.