WO2004088447A2 - A digital e-mail certificate - Google Patents

Publication number
WO2004088447A2
Authority
WO
WIPO (PCT)
Prior art keywords
mail
policy
certificate
digital
data
Prior art date
Application number
PCT/IB2004/000220
Other languages
French (fr)
Other versions
WO2004088447A3 (en)
Inventor
Michael James Anthony Kalogeropoulos
Steven Andrew Burkett
Original Assignee
Emedia It Cc
Priority date
Filing date
Publication date
Application filed by Emedia It Cc
Publication of WO2004088447A2
Publication of WO2004088447A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/107 Computer-aided management of electronic mailing [e-mailing]

Definitions

  • This invention relates to a digital e-mail policy certificate, to a method of informing a third party of at least one aspect of an e-mail policy of a sender of an e-mail or at least one characteristic of the content of the e-mail, and to a method of accepting or rejecting an e-mail depending on the digital e-mail certificate attached to the e-mail.
  • vicarious liability refers to the fact that, because an employee is in the employ of a company, e-mail sent by the employee represents the organisation's official view. Due to the importance of e-mail in business today, personal e-mails, inappropriate content, company resource usage, and workplace productivity are a highlighted concern.
  • a digital e-mail certificate comprising data transmitted with an e-mail message wherein the data includes information regarding the e-mail policy of the sender.
  • the e-mail certificate has a plurality of fields, each field corresponding to a criterion of an e-mail policy.
  • the data may indicate whether or not the e-mail policy of the sender conforms to at least one of the criteria.
  • the digital e-mail certificate may be in XML format or in X509 format.
  • a digital e-mail certificate comprising data transmitted with an e-mail message, wherein the data includes information regarding the content of the e-mail.
  • the e-mail certificate has a plurality of fields, each field corresponding to a criterion of e-mail content.
  • the data may indicate whether or not the e-mail conforms to at least one of the criteria.
  • the digital e-mail certificate may be in XML format or in X509 format.
  • a method of providing a recipient with information regarding an e-mail policy of a sender of an e-mail comprising the steps of:
  • compiling data including information regarding the e-mail policy of the sender with regard to at least one criterion; and transmitting the data over a communications network to the recipient.
  • the method may further comprise the steps of compiling data indicating whether or not the e-mail policy of the sender conforms to at least one of the criteria.
  • the data is transmitted together with the e-mail to the recipient.
  • the digital e-mail certificate may be in XML format or in X509 format.
  • a method of providing a recipient with information regarding the content of an e-mail comprising the steps of:
  • compiling data including information regarding the content of the e-mail with regard to at least one criterion
  • the data may indicate whether or not the content of the e-mail conforms to at least one of the criteria.
  • the data is transmitted together with the e-mail to the recipient.
  • the digital e-mail certificate may be in XML format or in X509 format.
  • the implementation of the present invention is akin to that of a certification authority (CA).
  • CA certification authority
  • present certification authorities deal with security issues such as authentication, encryption and non-repudiation while the present invention deals with ensuring a sender abides by their e-mail policy.
  • an e-mail certification authority receives a request from a third party to certify their e-mail policy.
  • the CA authenticates the identity of the third party and requests a copy of the third party's e-mail policy for accurate representation.
  • the CA may suggest a suitable policy.
  • Upon signing an agreement of adherence to the policy, the third party is issued with a digital e-mail certificate containing a concise, computer readable version of their e-mail policy. This certificate would be valid for a limited amount of time and would typically be subject to renewal. The structure of the digital e-mail policy certificate and its technical considerations will be discussed in more detail below.
  • the third party could be issued with software which binds the digital e-mail policy certificate in a data form to all outgoing e-mail, and transmits it with e-mail sent by the third party.
  • the software may be able to enforce certain aspects of the e-mail to ensure that they are in accordance with the e-mail policy of the sender.
  • Another software module filters all incoming e-mail by reviewing a digital e-mail policy certificate attached to the e-mail and ensuring that this complies with the e-mail policy of the receiving party.
  • DPC Digital Policy Certificate
  • One medium for the DPC is the current XML standard, as defined by the W3C (Worldwide Web Consortium).
  • W3C Worldwide Web Consortium
  • its inherent extensibility allows the incorporation of specifically chosen fields (the term field, will be used to describe the criteria that an e-mail policy may conform to) that would allow the accurate representation of the information necessary to portray an e-mail policy.
  • While affording the ability to extend, XML also provides a platform to evolve with ever changing requirements.
  • IETF Internet Engineering Task Force
  • the DPC contains information regarding the e-mail policy of the entity that it represents. This information is the specific criteria the entity either conforms to or explicitly refuses to conform to.
  • the criteria will be represented as a set of fields within the DPC that hold accompanying values.
  • the combination of these fields and values allow the representation of the e-mail policy in XML or the X509v3 format.
  • fields where possible are regarded in a positive light. For example "Will not send Unsolicited Mail", "Will not send Offensive Material" and "Is dedicated to a fast Dispute Resolution Process".
  • the actual field regardless of type, may still contain child elements, depending on the discretion of the designers. However, regardless of the presence of child elements, the field value will contain one of the predefined field values (boolean, or variant).
  • var:allowedAttachmentSize:1024kb var:allowedAttachmentExtensions:"jpg,doc,txt,xls"
  • virusScan (whether or not the sending company uses virus scanning software on outbound e-mail)
  • allowedAttachmentSize (maximum size the sender allows for attachments, and an indication of expected e-mail size for the recipient)
  • the DPC is bound to each e-mail in such a way as to prohibit the theft or commandeering of the DPC (i.e. a third party attempting to attach another entity's DPC to their e-mail, in order to falsely claim compliance with certain policy criteria).
  • the attachment of the DPC to the e-mail messages is done by an email policy management application.
  • This application may first check the e-mail to try and determine whether or not the e-mail is in breach of any of the criteria specified by the DPC. For example - "Allowed Attachment Extensions". It will be appreciated that not every criterion is able to be automatically verified. For instance, it would be difficult to automatically check the messages for weighted political views and so this kind of criterion would still have to rely on the discretion of the party using the DPC, where the DPC explicitly states that there would be no political communication of any sort. After the initial check is complete (if, as already mentioned, there are any checkable criteria) the DPC is attached and bound to the message by cryptographic means.
  • If the DPC is built in conjunction with the currently forming standard of the XML Digital Certificate, the DPC is bound to the message in much the same way that a security certificate is bound to an e-mail message. If the DPC is built on the current PKI (Public Key Infrastructure) standard of the X509v3 Certificate, the DPC is bound to the message in the same way that a security certificate is bound to an e-mail message.
  • PKI Public Key Infrastructure
  • the message could be bounced back to the sender, telling them which criteria they failed, how to rectify the situation (possibly with a user defined message), and optionally, take some other audit actions.
  • These audit actions could be, for instance, the logging of the sender for statistics and external action i.e. disciplinary action for repeat offenders, or possibly, a notice informing the sender to review the e-mail policy, etc.
  • the software compiles the DPC in the form of data indicating at least one aspect of the e-mail policy of the sender and transmits the data over a communication network to the third party.
  • the data is preferably but not necessarily transmitted together with the e-mail.
  • the host of the client's mailbox (this could be the recipient's mail provider, or company) has the interpretation software installed on the mail server (server side).
  • the recipient configures the interpretation software to perform actions based on the contents of the DPC.
  • rules are created that remove all mail where the accompanying DPC has, for example, the field - "Could contain e-Marketing", and its corresponding value was True. This would allow the specified actions to be executed, but typically only after the mail had already entered the user's mail client. This can be thought of as a rule system akin to that of a mail client such as Microsoft™ Outlook/Outlook Express, only that this would be based on the information contained within the DPC.
  • a drawback here is that the mail would first have to be downloaded for the DPC to be interrogated, and actions based on the derived information to then be executed. This therefore still requires the time to download the message only to potentially have it removed.
  • it would be possible to create extra features that work with the DPC such as password protect messages that have been flagged as "possible adult content", for example.
  • the interpretation software resides remote to the client and checks the DPC before the actual receiving (downloading) of the messages.
  • an interface may be supplied to allow the user to specify their specific criteria on which to filter.
  • a user may not be allowed to change the filtering criteria as it is solely based on the company's decisions governing e-mail. The advantage of this is a reduction of time wasted as the messages that have been blocked would not even reach the user, and increased productivity.
  • the receiver receives the digital e-mail policy certificate in the form of data which has been transmitted together with the e-mail.
  • the data indicating at least one aspect of an e-mail policy of the e-mail sender.
  • the e-mail policy of the sender is compared with stored data representing the e-mail policy of the receiver and if it is acceptable, the e-mail is accepted.
  • the invention would not affect the normal function of e-mail in any way. It would be as if the third party were given an option that they chose not to use. Therefore it is still possible for recipients to be unhampered by the inclusion of the DPC.
  • the invention has been described particularly with respect to capturing an e-mail policy in a digital e-mail policy certificate, the invention could equally be applied to describing the content of individual e-mails in digital e-mail content certificates. This would work in much the same way as has been described above except that the fields in the digital X certificate would refer to the contents of the particular e-mail rather than to the policy of the sender. The sender would have to either request a certificate for each e-mail or certain aspects of the e-mail could be automatically checked and inserted into the digital certificate.
  • An organisation will be able to enforce their e-mail policy on each outgoing e-mail, according to the attached certificate. The reverse of this is also true, the organisation will be able to filter incoming e-mail according to a third party's e-mail policy. E-mails not having a certificate can be sent through conventional filtering or diverted to a different folder. Marketing e-mail can be marked as such if the sender has expressed this in their e-mail policy certificate and be dealt with accordingly.
  • the system will also lay the groundwork for organisations to monitor and discipline employees who breach, or try to breach the e-mail policy concerned. Furthermore, e-mail policies stating that an e-mail may contain adult content can be marked as such and be password protected.

Abstract

The present invention deals with ensuring a sender abides by their e-mail policy. An e-mail certification authority (CA) receives a request from a third party to certify their e-mail policy. The CA authenticates the identity of the third party and requests a copy of the third party's e-mail policy for accurate representation. Upon signing an agreement of adherence to the policy, the third party is issued with a digital e-mail certificate containing a concise, computer readable version of their e-mail policy. This certificate is valid for a limited amount of time and would typically be subject to renewal. The third party is issued with software which binds the digital e-mail policy certificate in a data form to all outgoing e-mail, and transmits it with e-mail sent by the third party. Another software module filters all incoming e-mail by reviewing a digital e-mail policy certificate attached to the e-mail and ensuring that this complies with the e-mail policy of the receiving party.

Description

A DIGITAL E-MAIL CERTIFICATE
BACKGROUND OF THE INVENTION
This invention relates to a digital e-mail policy certificate, to a method of informing a third party of at least one aspect of an e-mail policy of a sender of an e-mail or at least one characteristic of the content of the e-mail, and to a method of accepting or rejecting an e-mail depending on the digital e-mail certificate attached to the e-mail.
The Internet and networked computers have allowed the widespread use of e-mail in order to conduct business. The uses of e-mail are vast and facilitate many business processes. However, there is little control over the usage of e-mail. In this regard, organisations have implemented e-mail policies which advise employees on how to e-mail in accordance with the organisation's requirements. Some organisations have software that enforces this policy to a certain degree.
The issue of e-mails being sent from an organisation which do not reflect the company's views is becoming a serious matter. The term vicarious liability refers to the fact that, because an employee is in the employ of a company, e-mail sent by the employee represents the organisation's official view. Due to the importance of e-mail in business today, personal e-mails, inappropriate content, company resource usage, and workplace productivity are a highlighted concern.
A further issue occurs regarding organisations that do not have an e-mail policy or whose business practice does not conform to responsible e-mail usage. One is unable to know another party's standpoint on e-mailing unless a prior business relationship exists, and it is virtually impossible to tell whether or not what one has received is valid with regard to ethical mailing until the e-mail is downloaded and read.
SUMMARY OF THE INVENTION
According to the present invention there is provided a digital e-mail certificate comprising data transmitted with an e-mail message wherein the data includes information regarding the e-mail policy of the sender.
Preferably, the e-mail certificate has a plurality of fields, each field corresponding to a criterion of an e-mail policy.
The data may indicate whether or not the e-mail policy of the sender conforms to at least one of the criteria.
The digital e-mail certificate may be in XML format or in X509 format.
According to the present invention there is further provided a digital e-mail certificate comprising data transmitted with an e-mail message, wherein the data includes information regarding the content of the e-mail.
Preferably, the e-mail certificate has a plurality of fields, each field corresponding to a criterion of e-mail content.
The data may indicate whether or not the e-mail conforms to at least one of the criteria.
The digital e-mail certificate may be in XML format or in X509 format.
According to the present invention there is further provided a method of providing a recipient with information regarding an e-mail policy of a sender of an e-mail, the method comprising the steps of:
compiling data including information regarding the e-mail policy of the sender with regard to at least one criterion; and transmitting the data over a communications network to the recipient.
The method may further comprise the steps of compiling data indicating whether or not the e-mail policy of the sender conforms to at least one of the criteria.
Preferably, the data is transmitted together with the e-mail to the recipient.
The digital e-mail certificate may be in XML format or in X509 format.
According to the present invention there is further provided a method of providing a recipient with information regarding the content of an e-mail, the method comprising the steps of:
compiling data including information regarding the content of the e-mail with regard to at least one criterion; and
transmitting the data over a communications network to the recipient.
The data may indicate whether or not the content of the e-mail conforms to at least one of the criteria.
Preferably, the data is transmitted together with the e-mail to the recipient.
The digital e-mail certificate may be in XML format or in X509 format.
According to the present invention there is further provided a method of accepting or rejecting an e-mail, the method comprising the steps of:
receiving a digital e-mail certificate in the form of data which has been transmitted together with the e-mail, wherein the data includes information regarding the e-mail policy of the sender with regard to at least one criterion;
comparing the data contained in the digital e-mail certificate with stored data representing an e-mail policy of the e-mail recipient; and
accepting the e-mail only if the data is acceptable in terms of the e-mail policy of the recipient.
According to the present invention there is further provided a method of accepting or rejecting an e-mail, the method comprising the steps of:
receiving a digital e-mail certificate in the form of data which has been transmitted together with the e-mail, wherein the data includes information regarding the content of the e-mail with regard to at least one criterion;
comparing the data contained in the digital e-mail certificate with stored data representing an e-mail policy of the e-mail recipient; and
accepting the e-mail only if the data is acceptable in terms of the e-mail policy of the recipient.
DESCRIPTION OF EMBODIMENTS
The implementation of the present invention is akin to that of a certification authority (CA). However, present certification authorities deal with security issues such as authentication, encryption and non-repudiation while the present invention deals with ensuring a sender abides by their e-mail policy.
According to the present invention, an e-mail certification authority (CA) receives a request from a third party to certify their e-mail policy. The CA authenticates the identity of the third party and requests a copy of the third party's e-mail policy for accurate representation.
It is possible that if the third party does not have any e-mail policy or has an inadequate e-mail policy, the CA may suggest a suitable policy.
Upon signing an agreement of adherence to the policy, the third party is issued with a digital e-mail certificate containing a concise, computer readable version of their e-mail policy. This certificate would be valid for a limited amount of time and would typically be subject to renewal. The structure of the digital e-mail policy certificate and its technical considerations will be discussed in more detail below.
The third party could be issued with software which binds the digital e-mail policy certificate in a data form to all outgoing e-mail, and transmits it with e-mail sent by the third party.
In addition, the software may be able to enforce certain aspects of the e-mail to ensure that they are in accordance with the e-mail policy of the sender.
Another software module filters all incoming e-mail by reviewing a digital e-mail policy certificate attached to the e-mail and ensuring that this complies with the e-mail policy of the receiving party.
It is envisaged that in the event of any third party breaching their e-mail policy and a complaint being received by the CA, a dispute resolution process will be initiated.
If the third party cannot account for not complying with their e-mail policy, their digital e-mail certificate will be revoked.
Turning now to the technical considerations to implement the present invention. As mentioned above, the e-mail policy will be represented in a digital format, hereafter referred to as a "DPC" (Digital Policy Certificate).
One medium for the DPC is the current XML standard, as defined by the W3C (Worldwide Web Consortium). Using the XML standard as a base, its inherent extensibility allows the incorporation of specifically chosen fields (the term field, will be used to describe the criteria that an e-mail policy may conform to) that would allow the accurate representation of the information necessary to portray an e-mail policy. While affording the ability to extend, XML also provides a platform to evolve with ever changing requirements.
It will be appreciated that other technical solutions may become available to allow the implementation of the present invention.
A preferred medium for the DPC is the current X509 version 3 standard, as defined by the Internet Engineering Task Force (IETF). Using this format, its inherent extensibility (specifically the use of certificate extensions) allows for the incorporation of specifically chosen fields (as above, the term field will be used to describe the criteria that an e-mail policy may conform to) that would allow the accurate representation of the information necessary to portray an e-mail policy. While affording the ability to extend, this format is inherently supported by many current operating systems and e-mail clients, so the extent to which these existing products require modification may be greatly reduced.
As already stated, the DPC contains information regarding the e-mail policy of the entity that it represents. This information is the specific criteria the entity either conforms to or explicitly refuses to conform to.
The criteria will be represented as a set of fields within the DPC that hold accompanying values. The combination of these fields and values allow the representation of the e-mail policy in XML or the X509v3 format. In order to reduce confusion, fields where possible are regarded in a positive light. For example "Will not send Unsolicited Mail", "Will not send Offensive Material" and "Is dedicated to a fast Dispute Resolution Process".
The fields are available in two types:
- Boolean
- Variant
However, it should be noted that special consideration must be given to fields that are not specifically incorporated in a third party's DPC. If the field is present in the DPC it will have an associated value; however, if the field is not present in the DPC (i.e. absence of the field), it will then inherit a value of Unknown. In other words, any field not explicitly featured in the DPC gains the value of Unknown if an attempt is made to interrogate its value.
From a technical point of view, the actual field (XML tag), regardless of type, may still contain child elements, depending on the discretion of the designers. However, regardless of the presence of child elements, the field value will contain one of the predefined field values (boolean, or variant).
In the X509v3 format, there will be one certificate extension dedicated to the capture of the policy within the certificate. It is anticipated that this extension will hold a delimited string of all the criteria. A simple string was chosen to reduce the complexity of the certificate encoding/decoding. However, due to certain technological factors (size, speed), the extension may be specifically encoded to hold the policy in a format other than a simple string.
Boolean Field Criteria
These fields (or tags) can only be associated with one of these two values:
- True
- False
If the e-mail policy conforms to the field in question, it has a True (1) value, if it explicitly refuses to conform, it has a False (0) value.
For example (boolean):
<criteria id="1" friendly-name="Contains Marketing Content" critical="1">True</criteria>
or
bool:marketing:true -or- bool:marketing:1
Variant Field Criteria
These fields (or extensions) can be associated with any type of value:
- Characters and/or
- Numeric
These fields will be used to store miscellaneous information that can not be represented by a simple "yes/no" or "true/false" value.
For example (variant):
<version friendly-name="DPC Version">v3.00</version>
<criteria id="2" friendly-name="Allowed Attachment Extensions">jpg;doc</criteria>
or
var:allowedAttachmentSize:1024kb
var:allowedAttachmentExtensions:"jpg,doc,txt,xls"
Using these two types of fields, it is anticipated that all relevant information regarding the e-mail policy could be accurately captured and represented. This would allow for not only ease of use for client applications, but also for the variations on e-mail policies that exist currently.
It is not feasible to represent an entire organisation's policy, which may be part of a Communication or Acceptable Use Policy, but it is possible to represent the core aspects involving e-mail. The following proposed criteria are viewed as fundamental elements governing the content and character of each individual e-mail leaving an organisation, determined by a policy directive. The criteria are by no means complete, and further changes and additions may occur.
• version (the current version of DPC applicable)
• virusScan (whether or not the sending company uses virus scanning software on outbound e-mail)
• virusScanSoftware (the virus scan product used)
• policyEnforcementSoftware (the policy enforcement software used)
• allowedAttachmentExtensions (attachments that the sender allows on outbound e-mail)
• allowedAttachmentSize (maximum size the sender allows for attachments, and an indication of expected e-mail size for the recipient)
• offensiveText (whether or not offensive text is allowed or may be present)
• offensiveImagery (whether or not offensive imagery is allowed or may be present)
• adultContent (whether or not adult content is allowed or may be present)
• unsolicited (whether or not unsolicited e-mailing is practiced)
• marketingUsage (whether or not a sender may use e-mail for marketing purposes)
• newsletterUsage (whether or not a sender may use e-mail for newsletters)
• unsubscribeOptionAvailable (whether or not the sender provides an unsubscribe option to recipients on a particular mailing list)
  o unsubscribeLink (same as above, including a link to an unsubscribe service)
  o misrepresentation
• deliberateMaliciousContent (whether or not a sender may send malicious content, or an indication of measures preventing such content)
• copyrightMaterialTransmission (whether or not copyright material may be sent or expected)
• confidentialMaterial (whether or not confidential material may be sent or expected)
• nonBusinessRelatedAllowed (whether or not personal e-mail messages are allowed or may be expected)
• disclaimer
• additionalText
• complaintReportEmailAddress (an e-mail address to report an abuse of policy)
• complaintReportUrl (a url address to report abuse of policy)
Once an entity has been issued a DPC, it would then, ideally, be attached to all outgoing e-mail correspondence by verification software. However, the use of such verification software may not always be a viable option. For example, the average home user may not have the resources necessary to use such software. Therefore provision has been made that could exclude the automatic verification of the e-mail before the DPC is attached. Nevertheless, it is critical that even without machine verification, none of the criteria are breached. This then places more responsibility on the user.
The DPC is bound to each e-mail in such a way as to prohibit the theft or commandeering of the DPC (i.e. a third party attempting to attach another entity's DPC to their e-mail, in order to falsely claim compliance with certain policy criteria).
The attachment of the DPC to the e-mail messages is done by an email policy management application. This application may first check the e-mail to try and determine whether or not the e-mail is in breach of any of the criteria specified by the DPC. For example - "Allowed Attachment Extensions". It will be appreciated that not every criterion is able to be automatically verified. For instance, it would be difficult to automatically check the messages for weighted political views and so this kind of criterion would still have to rely on the discretion of the party using the DPC, where the DPC explicitly states that there would be no political communication of any sort. After the initial check is complete (if, as already mentioned, there are any checkable criteria) the DPC is attached and bound to the message by cryptographic means.
If the DPC is built in conjunction with the currently forming standard of the XML Digital Certificate, the DPC is bound to the message in much the same way that a security certificate is bound to an e-mail message. If the DPC is built on the current PKI (Public Key Infrastructure) standard of the X509v3 Certificate, the DPC is bound to the message in the same way that a security certificate is bound to an e-mail message.
Not only does this ensure that the message that has left the entity was, to the best of the entity's ability, in compliance with the DPC, but also that the message was not altered in any way during transport. The method of binding only allows the DPC to be bound to a message with that specific message's content. Therefore, it is safe to assume that any modification to the message would have a different content which would render the DPC invalid for that specific message.
If, however, the message fails the machine verification (i.e. one or more of the criteria specified was, in some way or other, breached), the message could be bounced back to the sender, telling them which criteria they failed, how to rectify the situation (possibly with a user defined message), and optionally, take some other audit actions. These audit actions could be, for instance, the logging of the sender for statistics and external action i.e. disciplinary action for repeat offenders, or possibly, a notice informing the sender to review the e-mail policy, etc.
In short, the software compiles the DPC in the form of data indicating at least one aspect of the e-mail policy of the sender and transmits the data over a communication network to the third party. The data is preferably but not necessarily transmitted together with the e-mail.
When the message arrives at its specified recipient, various situations could arise:
1) The recipient has interpretation software installed on his/her own computer (client side).
2) The host of the client's mailbox (this could be the recipient's mail provider, or company) has the interpretation software installed on the mail server (server side).
3) There is no interpretation software installed at any of the previously mentioned sites.
In the first situation, the recipient configures the interpretation software to perform actions based on the contents of the DPC. In other words, rules are created that remove all mail where the accompanying DPC has, for example, the field "Could contain e-Marketing" with a corresponding value of True. This would allow the specified actions to be executed, but typically only after the mail had already entered the user's mail client. This can be thought of as a rule system akin to that of a mail client such as Microsoft™ Outlook/Outlook Express, except that it would be based on the information contained within the DPC. A drawback here is that the mail would first have to be downloaded for the DPC to be interrogated, and actions based on the derived information to then be executed. This therefore still requires the time to download the message only to potentially have it removed. However, with the tools on the client side, it would be possible to create extra features that work with the DPC, such as password-protecting messages that have been flagged as "possible adult content", for example.
In the second situation the interpretation software resides remote to the client and checks the DPC before the actual receiving (downloading) of the messages. In the case of an Internet Service Provider (ISP) or public mail system such as Microsoft™ Hotmail, an interface may be supplied to allow the user to specify their specific criteria on which to filter. In the case of a company, a user may not be allowed to change the filtering criteria as it is solely based on the company's decisions governing e-mail. The advantage of this is a reduction of time wasted as the messages that have been blocked would not even reach the user, and increased productivity.
In both of the above scenarios, the receiver receives the digital e-mail policy certificate in the form of data which has been transmitted together with the e-mail. The data indicates at least one aspect of an e-mail policy of the e-mail sender. The e-mail policy of the sender is compared with stored data representing the e-mail policy of the receiver and, if it is acceptable, the e-mail is accepted.
In the third and final scenario, the invention would not affect the normal function of e-mail in any way. It would be as if the third party were given an option that they chose not to use. Therefore it is still possible for recipients to be unhampered by the inclusion of the DPC.
From a technical point of view, if a breach were to be reported it would be a simple matter to revoke the DPC by inserting the DPC into a blacklist. This blacklist would then be used by all the interpretation software to recognise any blacklisted DPCs. A reason for the blacklisting would also be recorded, which may not always be a breach of the DPC criteria, but may also be a conscious decision of the owner of the DPC to cancel it, for some reason or other, before the expiry of the DPC.
User defined actions could then be executed when a "blacklisted" DPC was encountered.
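The recipient-side decision described above (content binding, comparison with the recipient's stored policy, and the blacklist check) can be sketched as follows. This is an added example, not code from the patent: the JSON layout, the function names and the serial numbers are assumptions, and an HMAC with a shared demo key stands in for the issuer's X.509 or XML public-key signature.

```python
import hashlib
import hmac
import json

# Assumption: a shared demo key. A real DPC would carry the issuer's
# public-key signature (X.509 / XML signature); HMAC stands in for it here.
ISSUER_KEY = b"constructed-demo-key"


def _tag(body: dict, key: bytes) -> str:
    """Authenticate the DPC fields over a canonical JSON encoding."""
    encoded = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, encoded, hashlib.sha256).hexdigest()


def bind_dpc(serial: str, policy: dict, message: bytes, key: bytes = ISSUER_KEY) -> dict:
    """Sender side: bind the policy fields to this message's exact content."""
    body = {"serial": serial, "policy": policy,
            "message_digest": hashlib.sha256(message).hexdigest()}
    return {**body, "tag": _tag(body, key)}


def evaluate(message, dpc, recipient_policy, blacklist, key=ISSUER_KEY) -> str:
    """Recipient side: return the action for one incoming message."""
    if dpc is None:
        return "conventional-filter"        # no DPC: mail is handled as usual
    body = {k: dpc.get(k) for k in ("serial", "policy", "message_digest")}
    if not hmac.compare_digest(_tag(body, key).encode(), str(dpc.get("tag")).encode()):
        return "reject:invalid-dpc"         # DPC fields were modified
    digest = hashlib.sha256(message).hexdigest()
    if not hmac.compare_digest(digest.encode(), body["message_digest"].encode()):
        return "reject:message-altered"     # DPC was bound to other content
    if body["serial"] in blacklist:
        return "reject:revoked"             # DPC is on the blacklist
    for field, acceptable in recipient_policy.items():
        # Fail closed: a field missing from the DPC counts as unacceptable.
        if body["policy"].get(field) not in acceptable:
            return f"reject:policy:{field}"
    return "accept"


if __name__ == "__main__":
    msg = b"Quarterly report attached."                 # constructed sample
    rules = {"Could contain e-Marketing": {False}}      # recipient's stored policy
    dpc = bind_dpc("DPC-0001", {"Could contain e-Marketing": False}, msg)
    print(evaluate(msg, dpc, rules, blacklist=set()))
    print(evaluate(msg + b" PS", dpc, rules, blacklist=set()))
    print(evaluate(msg, dpc, rules, blacklist={"DPC-0001"}))
```

The checks run in a fixed order: authenticity of the DPC first, then the content binding, then revocation, and only then the policy fields, so an unauthenticated field is never used for a filtering decision.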
Although the invention has been described particularly with respect to capturing an e-mail policy in a digital e-mail policy certificate, the invention could equally be applied to describing the content of individual e-mails in digital e-mail content certificates. This would work in much the same way as has been described above except that the fields in the digital X certificate would refer to the contents of the particular e-mail rather than to the policy of the sender. The sender would have to either request a certificate for each e-mail or certain aspects of the e-mail could be automatically checked and inserted into the digital certificate.
The benefits of the present invention are numerous.
An organisation will be able to enforce their e-mail policy on each outgoing e-mail, according to the attached certificate. The reverse of this is also true: the organisation will be able to filter incoming e-mail according to a third party's e-mail policy. E-mails not having a certificate can be sent through conventional filtering or diverted to a different folder. Marketing e-mail can be marked as such if the sender has expressed this in their e-mail policy certificate and be dealt with accordingly. Upon widespread industrial application of such a system, unsolicited e-mail or 'spam' would be hard pressed to get through such filtering, and if, after purchasing a certificate with a falsified e-mail policy, an entity used it to 'spam' mailboxes, the said certificate need just be revoked, rendering it useless.
The system will also lay the groundwork for organisations to monitor and discipline employees who breach, or try to breach the e-mail policy concerned. Furthermore, e-mail policies stating that an e-mail may contain adult content can be marked as such and be password protected.
There are also various advantages such as the possible marking of messages in different colours/folders based on the suspected content of the message.
Receiver trust is also increased, as this could be seen as a responsible commitment of the company/individual to ethical mailing practices. By ethical it is meant that the message is what it claims to be, i.e. that no subversive actions have been made by the sender to coerce the receiver into reading the message.
If one of the criteria were breached, and within reason, the recipient would now have a means of legal recourse, or at the very least, the DPC could then be revoked and therefore rendered useless.

Claims

1. A digital e-mail certificate comprising data transmitted with an e-mail message wherein the data includes information regarding the e-mail policy of the sender.
2. A digital e-mail certificate according to claim 1 wherein the e-mail certificate has a plurality of fields, each field corresponding to a criterion of an e-mail policy.
3. A digital e-mail certificate according to claim 2 wherein the data indicates whether or not the e-mail policy of the sender conforms to at least one of the criteria.
4. A digital e-mail certificate according to claim 1 wherein the digital e-mail certificate is in XML format.
5. A digital e-mail certificate according to claim 1 wherein the digital e-mail certificate is in X509 format.
6. A digital e-mail certificate comprising data transmitted with an e-mail message, wherein the data includes information regarding the content of the e-mail.
7. A digital e-mail certificate according to claim 6 wherein the e-mail certificate has a plurality of fields, each field corresponding to a criterion of e-mail content.
8. A digital e-mail certificate according to claim 7 wherein the data indicates whether or not the e-mail conforms to at least one of the criteria.
9. A digital e-mail certificate according to claim 6 wherein the digital e-mail certificate is in XML format.
10. A digital e-mail certificate according to claim 6 wherein the digital e-mail certificate is in X509 format.
11. A method of providing a recipient with information regarding an e-mail policy of a sender of an e-mail, the method comprising the steps of:
compiling data including information regarding the e-mail policy of the sender with regard to at least one criterion; and
transmitting the data over a communications network to the recipient.
12. A method according to claim 11 further comprising the steps of compiling data indicating whether or not the e-mail policy of the sender conforms to at least one of the criteria.
13. A method according to claim 11 wherein the data is transmitted together with the e-mail to the recipient.
14. A method according to claim 11 wherein the data is transmitted in XML format.
15. A method according to claim 11 wherein the data is transmitted in X509 format.
16. A method of providing a recipient with information regarding the content of an e-mail, the method comprising the steps of:
compiling data including information regarding the content of the e-mail with regard to at least one criterion; and
transmitting the data over a communications network to the recipient.
17. A method according to claim 16 wherein the data indicates whether or not the content of the e-mail conforms to at least one of the criteria.
18. A method according to claim 16 wherein the data is transmitted together with the e-mail to the recipient.
19. A method according to claim 16 wherein the data is transmitted in XML format.
20. A method according to claim 16 wherein the data is transmitted in X509 format.
21. A method of accepting or rejecting an e-mail, the method comprising the steps of:
receiving a digital e-mail certificate in the form of data which has been transmitted together with the e-mail, wherein the data includes information regarding the e-mail policy of the sender with regard to at least one criterion;
comparing the data contained in the digital e-mail certificate with stored data representing an e-mail policy of the e-mail recipient; and
accepting the e-mail only if the data is acceptable in terms of the e-mail policy of the recipient.
22. A method of accepting or rejecting an e-mail, the method comprising the steps of:
receiving a digital e-mail certificate in the form of data which has been transmitted together with the e-mail, wherein the data includes information regarding the content of the e-mail with regard to at least one criterion;
comparing the data contained in the digital e-mail certificate with stored data representing an e-mail policy of the e-mail recipient; and
accepting the e-mail only if the data is acceptable in terms of the e-mail policy of the recipient.
PCT/IB2004/000220 2003-04-04 2004-01-30 A digital e-mail certificate WO2004088447A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2003/2653 2003-04-04
ZA200302653 2003-04-04

Publications (2)

Publication Number Publication Date
WO2004088447A2 (en) 2004-10-14
WO2004088447A3 (en) 2005-02-17

Family

ID=33132346

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/000220 WO2004088447A2 (en) 2003-04-04 2004-01-30 A digital e-mail certificate

Country Status (2)

Country Link
WO (1) WO2004088447A2 (en)
ZA (1) ZA200508018B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6073142A (en) * 1997-06-23 2000-06-06 Park City Group Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments
US6275850B1 (en) * 1998-07-24 2001-08-14 Siemens Information And Communication Networks, Inc. Method and system for management of message attachments
US6334140B1 (en) * 1997-09-25 2001-12-25 Nec Corporation Electronic mail server in which electronic mail is processed
US6658456B1 (en) * 1997-09-29 2003-12-02 Panasonic Communications Co., Ltd. Electric mail transferring apparatus and electric mail transferring method

Also Published As

Publication number Publication date
ZA200508018B (en) 2009-03-25
WO2004088447A3 (en) 2005-02-17

Similar Documents

Publication Publication Date Title
JP3932319B2 (en) Email firewall using encryption / decryption with stored key
US7380126B2 (en) Methods and apparatus for controlling the transmission and receipt of email messages
EP1523837B1 (en) Method and system for controlling messages in a communication network
KR101266086B1 (en) Electronic document distribution system
US8359360B2 (en) Electronic message system with federation of trusted senders
US9021560B1 (en) Authorization via web of subsequent message delivery from a specified sender
US7730145B1 (en) Anti-UCE system and method using class-based certificates
US7216233B1 (en) Apparatus, methods, and computer program products for filtering information
US9391775B2 (en) Signature method and device
US20070168666A1 (en) Email policy manager
US20060031333A1 (en) Method to populate white list
Qashqari et al. Electronic Mail Security
JP2004104596A (en) Time stamp mail server system
WO2004088447A2 (en) A digital e-mail certificate
Fontana Authentication failure reporting using the abuse reporting format
Herzberg Controlling spam by secure internet content selection
EP4280563A1 (en) A trustable e-mail system and method
US10243902B2 (en) Methods and apparatus for controlling the transmission and receipt of email messages
KR20160094726A (en) Method for producing electronic contracts certified by a user of a telecommunications operator
FI115745B (en) Procedure and server for the protection of an email
Jones Client Confidentiality: A Lawyers’s Duties with Regard to Internet Email
Hallam-Baker DomainKeys Identified Mail T. Hansen Internet-Draft AT&T Laboratories Intended status: Informational D. Crocker Expires: April 25, 2007 Brandenburg InternetWorking
Fontana RFC 6591: Authentication Failure Reporting Using the Abuse Reporting Format
Stecher RFC 4902: Integrity, Privacy, and Security in Open Pluggable Edge Services (OPES) for SMTP
Stecher Integrity, Privacy, and Security in Open Pluggable Edge Services (OPES) for SMTP

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 200508018

Country of ref document: ZA

122 Ep: pct application non-entry in european phase