SECURE WEB-BASED MAIL AND AUTHENTICATION SYSTEM
Technical Field and Background Art
This application claims the benefit of U.S. Provisional Application no. 60/091,484, filed July 2, 1998.
It is a well known fact that the Internet is not secure. Send information via the Internet, and you run the risk of having others intercept it. To prevent this, encryption systems have been devised to shield the information from all but the sender and the intended recipients. Although such measures accomplish the desired goal, they require the installation of special software on both the sender's and recipient's computers. Further, the complexity of the software occasionally prevents the completion of a secure channel. Additionally, mail headers in messages can be forged, permitting unauthorized assumption of others' identities. When such messages are received, the recipient has no readily-available means of determining the authenticity of the purported identities.
Brief Description of Drawings
Figures 1-3 are block diagrams of a secure web-based mail system;
Figure 4 is a flowchart of the method of acquiring a secure mail channel; Figure 5 is a flowchart of the method of authenticating the identity of the sender; and
Figure 6 is a block diagram of a secure mail system with multiple web-based e-mail systems.
Modes for Carrying Out the Invention
By creating a secure connection between an Internet user and a web-based electronic mail provider, mail and any attachments or other data can be sent by the originator securely without the need for additional software, such as an encryption package (e.g., PGP) or a specialized electronic mail software package (e.g., Eudora).
The recipient retrieves the mail through a secure connection to the same electronic mail provider, ensuring that the mail remains confidential. Additionally, messages sent through the web-based electronic mail provider can be authenticated by virtue of a secure log-in process. A system for secure mail transmission is illustrated in the block diagram of Figure 1. Users A and B are computers with browsers 10 that interact with a network-based messaging system, such as a web-based electronic mail (or "e-mail") system 100 through a public, on-line electronic communications network, such as the Internet or some other network. The web-based e-mail system 100 may comprise a web server 110, an e-mail client 120 having a web-based user interface 122, a mail transfer agent or MTA 130 (such as an SMTP server), a mail server such as a POP (post office protocol) server 140, and a message storage device 150. Users A and B and the web-based e-mail system 100 typically connect to the Internet through Internet service providers or ISPs 20. To obtain a secure communications link, the web-based e-mail system 100 invokes a secure protocol, such as secure "http" or "https" (hypertext transport protocol under SSL or secure socket layer; see, e.g., U.S. Patent No. 5,657,390, titled "Secure socket layer application program apparatus and method," incorporated herein by reference), SSH (secure shell), PCT (Microsoft's private communications technology), TLS (transport layer security), or some other protocol that provides a secure connection.
Software for the desired protocol could reside in the web server 110. The user requires only a protocol-compatible software package device such as a conventional web browser (e.g., Netscape Communicator or Microsoft Internet Explorer); no additional software or hardware is required. The web-based e-mail system 100, in concert with the browser, creates an encrypted channel or link between the user's browser and the web server 110 using the routine determined by the protocol. In the case of SSL, a secure session is started by changing the protocol from "http" to "https."
A secure connection may be created at any one of the following points: (1) prior to or immediately upon log-in to the e-mail service, either automatically or at the user's request; (2) when an e-mail message is composed, again either automatically or at the user's request; or (3) automatically based upon a user or subscriber profile. The point at which the secure connection is created may be chosen to suit the application and is a matter of design choice; the secure connection could be created at times and in ways other than those mentioned, as well, if desired. Initially, a user connects to the Internet and logs onto the web-based e-mail service, resident in the web-based e-mail system 100. Optionally, the user can enter a password when requested to do so, and the server can verify the identity of the user, based on previously-stored information. The user can then select from options including reading and sending mail. Additionally, if the user's profile so provides, a secure connection is automatically established using https or some other protocol, or, if the system is so configured, the user may request a secure connection if one does not exist.
If the user desires to create and send a message in a secure fashion, the user first requests a secure connection and, if one does not already exist, the system invokes the appropriate protocol. Then, the user composes the message and the message is sent. A configuration that will accomplish the foregoing is illustrated in Figure 2, showing a secure link 30 between the browser of user A and the web-based e-mail system 100. A method for achieving this is outlined in the left-hand column of the flowchart of Figure 4. The message may contain text, data, graphics, audio, and/or video. By virtue of the secure link 30, user A functions as a virtual remote terminal communicating with the web-based e-mail system 100 via the Internet under the secure protocol.
The recipient or recipients of the message (user B, user C, etc.) connect to the Internet and then log onto the web-based e-mail system 100. Again, the identity of the recipient may be confirmed by a password or some other device. If mail generated under the secure protocol is present for the recipient(s), a secure link 30 between the recipient(s) and the web-based e-mail system 100 is established or confirmed, as shown in Figure 3 (an additional secure link to a second recipient, user C, shown dashed), and the mail is retrieved. Here, the recipients are functioning as virtual remote terminals of the web-based e-mail system 100. A method for accomplishing the retrieval is illustrated in the right-hand column of the flowchart of Figure 4.
The system can be configured to confirm that the message was sent and retrieved under secure conditions as well as authenticate the sender's identity. If the sender is a user of the web-based e-mail service, the sender's e-mail address or other identification information (and, therefore, the sender's identity) is authenticated by the password or some other method of authentication used to enter the e-mail service. If a secure and/or authenticated connection is used when the message is originally sent, the web-based e-mail system 100 can add a secure-transmission/authentication device to the message, such as a tag placed in the message header, upon its arrival at the e-mail system 100. When the recipient logs onto the system and the message is retrieved, the web-based e-mail system 100 could indicate to the recipient that the message was received under secure conditions and could also authenticate the identity or e-mail address of the sender. The secure-transmission/authentication device (such as a tag) can be stripped from the message when the message leaves the web-based e-mail system 100. A method for confirming the identity of the sender is illustrated in the flowchart of Figure 5. This method can be combined with the method of Figure 4 to provide secure messaging and authentication. It should be understood that these methods may be used independently and that the indicators of secure transmission status and authentication status may be combined or kept separate. A person masquerading as an authorized user through the use of forged e-mail headers will lack the appropriate authenticating information, and messages originating from the "masquerader" and received over the Internet can be marked as not authenticated or, in the alternative, blocked.
In lieu of a secure-transmission/authentication device or tag, the web-based e-mail system 100 could utilize a look-up table or database, cross-referencing each message with its secure (or non-secure) and/or authenticated (or not authenticated) status. Whenever a message is sent or retrieved, the table or database would be consulted regarding the status and proper handling of the message, and updated if necessary. The system of Figure 1 can be expanded to incorporate multiple, third-party web-based e-mail systems 200, each with its own users (x and y), as shown in Figure 6.
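The header-tag approach described above, as an added example that is not part of the application: the system tags a message on arrival only when it can vouch for the session, discards any such tag that arrived with the message so a forged header cannot claim the status, and strips the tags again when the message leaves. The header names, the session flags and the sample messages are assumptions constructed for the example.

```python
import copy
import email
from email.utils import parseaddr

# Hypothetical header names: the application speaks of a "tag" in the
# message header but does not name one.
SECURE_TAG = "X-Secure-Transmission"
AUTH_TAG = "X-Authenticated-Sender"

def ingest(raw, via_secure_link, authenticated_user=None):
    """Tag a message on arrival at the web-based e-mail system.

    via_secure_link: the submitting session ran over https/TLS.
    authenticated_user: address the submitter logged in as, or None for
    mail that arrived over the open Internet (e.g. through the MTA).
    """
    msg = email.message_from_string(raw)
    # Only this system may assert the tags, so any copy that arrived with
    # the message (a forged header) is discarded before evaluation.
    del msg[SECURE_TAG]
    del msg[AUTH_TAG]
    if via_secure_link:
        msg[SECURE_TAG] = "yes"
    # The sender is authenticated only when the From address matches the
    # identity verified at log-in; a logged-in user cannot tag mail as
    # coming from somebody else.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if authenticated_user and sender == authenticated_user.lower():
        msg[AUTH_TAG] = sender
    return msg

def status(msg):
    """What the recipient is shown at retrieval (cf. Figure 5)."""
    return {"secure": msg.get(SECURE_TAG) == "yes",
            "authenticated": msg.get(AUTH_TAG) is not None}

def should_block(msg):
    """The alternative handling from the text: block unauthenticated mail."""
    return not status(msg)["authenticated"]

def outbound(msg):
    """Strip the tags when the message leaves the system."""
    out = copy.deepcopy(msg)
    del out[SECURE_TAG]
    del out[AUTH_TAG]
    return out

# Constructed sample messages (not taken from the application).
SAMPLE_OK = ("From: Alice <alice@example.com>\r\nTo: bob@example.com\r\n"
             "Subject: hi\r\n\r\nhello\r\n")
SAMPLE_FORGED = ("From: alice@example.com\r\nTo: bob@example.com\r\n"
                 f"{AUTH_TAG}: alice@example.com\r\n{SECURE_TAG}: yes\r\n"
                 "\r\nnot really alice\r\n")
```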
There, the web-based e-mail system 100 is connected to a third-party web-based e-mail system 200 by a secure link, such as a leased or dial-up telephone line or fiber optic cable 210, encrypted if necessary, or an encrypted channel 220 over the Internet. Since each of the systems 200 implements similar policies of secure connection and user authentication, the benefits of secure transmission and authentication provided by a single system 200 are extended across multiple systems.
Where third-party web-based e-mail systems 200 are interconnected with the primary web-based e-mail system 100, the third-party system 200 could confirm the secure status of a message by the presence of a secure-transmission device and receipt of the message via a secure link. Alternatively, the secure status of a message could be determined by use of a shared look-up table or database.
By interconnecting two or more web-based e-mail systems through secure links, an expanded universe of security is created. Messages can then pass between the systems and their users in secure fashion, with indicia of secure status (e.g., a security device or tag).