[go: up one dir, main page]

MXPA06002729A - Message security. - Google Patents

Message security.

Info

Publication number
MXPA06002729A
MXPA06002729A MXPA06002729A MXPA06002729A MXPA06002729A MX PA06002729 A MXPA06002729 A MX PA06002729A MX PA06002729 A MXPA06002729 A MX PA06002729A MX PA06002729 A MXPA06002729 A MX PA06002729A MX PA06002729 A MXPA06002729 A MX PA06002729A
Authority
MX
Mexico
Prior art keywords
terminal
key
user
seed
email
Prior art date
Application number
MXPA06002729A
Other languages
Spanish (es)
Inventor
Peter Davin
Original Assignee
Secured Email Goteborg Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from SE0302456A external-priority patent/SE527561C2/en
Priority claimed from SE0400238A external-priority patent/SE0400238D0/en
Application filed by Secured Email Goteborg Ab filed Critical Secured Email Goteborg Ab
Publication of MXPA06002729A publication Critical patent/MXPA06002729A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method of transmitting an electrical message, preferably an email from a first user having a first terminal to a second user having a second terminal, comprising the steps of: transmitting said email in an encrypted form by said first terminal, said encrypted e-mail being encrypted by means of a key generated by a first key generator using a seed, providing once said second user with said seed for generating a key with a second key generator provided in said second terminal, providing to and storing said seed in said second terminal, using said seed by said second terminal for generating a key each time an encrypted email from said first user to said second user is received, synchronising a counting value in each terminal; and generating said key on the basis of said seed and a counting value in each terminal, independently of other terminal.

Description

GM, KE, LS, MW, MZ, NA, SO, SL, SZ, TZ, UG, ZM, Date of publicalion ol 'the amended claims: 16 June 2005 ZW), Eurasian (AM, AZ, BY, KG, KZ , MD, RU, TJ, TM), European (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, Fl, For two-letter codes and olher abbreviations, refer to the "Guld- FR , GB.GR, HU, TE, IT, LU, MC, NL, PL, PT, RO, SE, YES, ance Notes on Codes and Abbrevialions "appearing ai ihe begin- SK, TR), OAP1 (BF, BJ, CF, CG, CL CM, GA, GN, GQ, no regular issue of the P TOazetle, GW, ML, MR, NE, SN, TD, TG). Published: - with inlernalional search report - with amended "claims MESSAGE SECURITY FIELD OF THE INVENTION The present invention refers to a method and system for the secure and encoded transmission of messages, in particular e-mails, in a communications network. BACKGROUND OF THE INVENTION Now it is a normal custom to communicate via electric mail (email) as access to the Internet and other intra-networks has increased. Millions of emails are sent daily on the Internet, containing many types of information. Sending emails is also used within companies and companies for internal and external communications. Many of the emails contain important and secret information. Unfortunately, all emails do not reach their destination and may even be received by incorrect recipients. On the other hand, it is usually easy for unauthorized people to invade servers, or access networks and reading emails. A number of solutions are provided to send encrypted emails: PGP (Pretty Good Privacy) (PGP and Pretty Good Privacy are registered trademarks of PGP REF 170924 Corporation) is an application used to send encrypted emails. This application is a connectable element for email programs based on the use of public keys. Two users exchange public keys, which can then be used to encode and decode emails or other files. On the other hand, when an email is encrypted and transmitted with the recipient's public key, the sending party can not access the email. It is also possible to provide a document and attach it to the email and give the recipient the password to access the annex. Both of these solutions imply that each time a new file or encrypted email is accessed, a password or a personal password must be used. The passwords and the personal password can be forgotten or be in possession of unauthorized persons. On the other hand, the tests have shown that many people, to avoid forgetting a personal password / password, use family names, names of their pets, etc., which can be easily guessed or even make notes. In the International Patent Application WO 02/077773, a system, method, and the product of the computer program for providing a coded e-mail reader and answering machine are described. The method of distributing and initializing a coded e-mail includes: obtaining by a first user a license for an application program -of the e-mail client so-ftware that has a public / private encoding; requesting by the first user that a second user download an application program from the reader / responder software to exchange encrypted emails between the first user and the second user; download and install the reader / answering software application program by second user; send an email by the second user to the first user that includes entering an uncoded public key using a send key function of the reader / responder software application program; receive the email of the second user by the first user, where the uncoded public key is incorporated into the email; answering by the first user by sending a second email to the first user, where the application program of the reader / answering software encodes a message of the second email in a message encoded using the unencrypted public key of the second user; receive the second email from the second user with the message encoded as an attachment to the first user in a third part of the email software application program, where the third part of the email software application program is different of the program of application of the software reader / oontestador and of the program of application of the software of the client of electronic mail; and to open by the second user the annex to execute the application program of the operating reader / answering software to allow a user without the software of the email client to read and respond to the encrypted email created and sent from a user who has the software of the email client. The North American Application Issued Number 2002059529, relates to the secure email system for pre-selected users of the email that form a group of participating users that require secure communication, comprising a secure list server to which all emails secure electronic devices are sent by the members of the group of participating users, the server includes a warehouse for data certification and a CPU that compares the names of intended recipients of each email message with data in the warehouse and processes the message to facilitate Progressive certified transmission provided to the certified container duly as indicated by the data in the warehouse.
US 2003140235 relates to a method for exchanging electronic messages between a sender with a group of biometric characteristics listed and a receiver with a group of biometric characteristics listed, comprising: a. exchange the groups of biometric characteristics listed between the sender and receiver; b. generate a group of biometric characteristics explored at the time of the sender; c. generate a first difference key derived from the difference between the group of biometric characteristics explored at the time of the sender and the group of biometric characteristics listed by the sender; d. encode the message with the first key of difference; and. code the group of biometric features scanned at the time of the sender with a coding key; F. transmit to the receiver the coded message and the coded group of biometric features scanned at the time of the sender; g. decoding by the receiver the coded group of biometric features scanned at the time of the sender; h. regenerate the first difference key by calculating the difference between the group of biometric characteristics scanned at the time of the sender and the group of biometric characteristics listed by the sender; and i. Decode the message by using the first regenerated difference key.
WO 01/91366 relates to an apparatus and method for generating pseudo-random cryptographic keys in cryptographic communication systems. Given a common set of initialization configuration data, the pseudo-random cryptographic keys can be duplicated by several pseudo-random key generators independent of the cryptographic communication system. WO 02/39660 relates to a system and method for cryptographic communication between multiple users and a central service provider using cryptographic keys generated in situ. Each user is - communicates with the central service provider preferably using a user communications interface that includes a local key generator, which, after initialization with the user's own (initial) seed value, generates a key cryptographic By distributing the unique individual user seeds to each user, a local key generator of each user generates a unique group of keys. The central service provider also possesses a local key generator, and preferably also possesses a copy of all individual seeds assigned to authorized users. The central service provider preferably communicates in a securely coded manner with each user using the cryptographic keys generated from that user's individual seeds. The distribution of additional common seed values for more than one user, via coded communication - using the unique individual cryptographic key generations, thus allows secure conditional access to users via signal coding using key generations that they result in a common seed value for the intended group of users. In OTP: The single-use fill-generator program is a freely distributed software program, distributed over the Internet (http: // www, fourmilab.ch / onetime) to generate fillings or lists of single-use passwords. BRIEF DESCRIPTION OF THE INVENTION The main object according to the best modality of the present invention is to provide a secure email sending system that allows the coding and decoding of emails without the need for repeated use of passwords or personal keys. In particular, the invention relates to generating synchronized coding keys in at least two remote sites to encode and decode electronic mails or similar messages. Another object of the present invention is to provide a system for sending emails that can filter unwanted emails, also called shelling (spam). Another object of the present invention is to provide a system for sending emails that facilitates the purchase of secure email software programs. For these reasons, the invention according to the best embodiment relates to a method of transmitting an electrical message, preferably an electronic mail from a first user having a first terminal to a second user having a second terminal, comprising the steps of: transmitting the e-mail in a form encoded by the first terminal, the coded e-mail is coded by means of a key generated by a first key generator that uses a seed, providing the second user once the seed to generate a key with a second key generator provided in the second terminal, providing and storing the seed in the second terminal, using the seed by the second terminal to generate a key each time a coded email from the first user to the second user is received, synchronizing a count value in each terminal; and generating the key in the base of the seed and a count value in each terminal, independently of the other terminal.More preferably, the seed is obtained only for the first time at the initiation time.
Preferably, a second seed is obtained if the first seed is unusable, for example, when the application is reinstalled or installed on a new computer. According to one modality, when a number of emails is sent to a receiver, a dynamic serial number is obtained for each coded email. The dynamic serial number is used to generate a key for the corresponding encoded e-mail. According to one embodiment, the invention comprises other steps of synchronizing a value of -count in each terminal; and generate the key based on the seed and a count value in each terminal, independently of the other terminal. The seed is stored in a dynamic and interchangeable manner in at least one terminal, and preferably in all terminals. The count value is generated in a counter in each terminal, the synchronization of the count values implies the synchronization of the counters. After the initial synchronization of the counters, the terminals execute supplementary synchronization stages only when necessary. The operation of generating a key on the basis of the seed and the count value is effected by means of a stored calculation algorithm in a non-dynamic and non-exchangeable manner in at least one of the terminals. According to one embodiment, the invention also comprises the step of generating a list of responsible terminals based on the received seed, and of accepting electronic mails only from records in such a list.
Thus, the bombing can be stopped. For security reasons, the invention, according to the best mode, comprises the step of providing the seed by the first user to the second user by means of at least one of a telephone, fax or letter call. The encrypted email is provided with the encrypted attachments along with the email. The invention also relates to a system for transmitting emails from a first user to a second user. The system comprises a first terminal and a second terminal, the system further comprising: means for transmitting the secure electronic mail in the form of an email encoded by the first terminal, the encrypted electronic mail that is encoded by means of a key generated by a first key generator using a seed, means for once providing the second user with the seed to generate a key with a second key generator, means for providing a means for storing the seed in the second terminal, means for generating a key each time that an encrypted email from the first user to the second user is received by the second terminal using the seed. Each terminal comprises a key generating unit, comprising a memory, in which the identical seeds are stored, a counter for periodically changing a count value, and a calculation terminal adapted to be generated in each terminal and independently of other terminals , and a key in the base of the original value and a count value issued from the counter. The memory to store the seed in at least one of the terminals is a dynamic memory placed to store the seed in a dynamic and interchangeable way. The terminals are arranged to detect when they are not synchronized and then to reset the synchronization. The calculation unit of at least one of the terminals comprises a calculation algorithm, which is stored in a non-dynamic and non-interchangeable manner, and which preferably is a hardware implemented. One of the terminals is a central terminal comprising a plurality of seeds for secure coded transmission involving several different terminals having an original value each. The invention also relates to a product of the computer program for transmitting a secure email from a first user having a first terminal to a second user having a second terminal., which comprises a code for: coding and transmitting e-mails from the first terminal, generating a key using the first seed in the first terminal, obtaining the seed to generate a key with a second key generator in the second terminal, storing the seed in the second terminal, generating a key each time a coded email from the first user to the second user is received by the second terminal using the stored seed. The invention also relates to a propagated signal for transmitting a secure electronic mail from a first user having a first terminal to a second user having a second terminal, comprising the signal having a code for: encoding and transmitting an electronic mail of the first terminal, generating a key that uses the first seed in the first terminal, obtaining the seed to generate a key with a second key generator in the second terminal, storing the seed in the second terminal, generating a key each time an encrypted email from the first user to the second user is received by the second terminal using the stored seed. The invention also relates to a computer readable medium that has stored in it the groups of instructions for transmitting a secure email from a first user having a first terminal to a second user having a second terminal, the group of instructions comprises a code for: encoding and transmitting the electronic mail of the first terminal, generating a key using the first seed in the first terminal, obtaining the seed to generate a key with a second key generator in the second terminal, storing the seed in the second terminal, and generating a key each time a coded email from the first user to the second user is received by the second terminal using the stored seed. The medium can be a memory unit. The invention also relates to a method of marketing a group of instructions for transmitting and receiving a secure email from a first user having a first terminal to a second user having a second terminal. The method comprises: transmitting the secure email in a form encoded by the first terminal, the encrypted email is coded by means of a key generated by a first key generator that uses a seed, providing the secure email with an accessible message that refers to a place of the seller, obtaining from the place of the seller a second group of instructions to decode the electronic mail, and loading the second user to use the second group of instructions to -code a new email. More preferably the method is computerized. Billing is done during the order or reception of the second group of instructions. The second group of instructions is an access code for the pre-installed instruction group. The invention also relates to a method of filtering emails from the container, from a first user having a first terminal to the container that is a second user having a second terminal, the electronic mail that is transmitted in a form encoded by the first one. terminal, encoded electronic mail s encoded by means of a key generated by a first key generator using a seed, providing once the second user with the seed to generate a key with a second key generator provided in the second terminal , thus generating a list of trusted senders by the second terminal based on a sender-receiver relationship generated by the seed, and acting during the reception of an email, based on the list. The action can be one of storing, deleting or returning the email. BRIEF DESCRIPTION OF THE FIGURES In the following, the invention will be described with reference to the attached schematic figures, which illustrate the preferred embodiments of the invention in a non-limiting manner: Figure 1 is a flow diagram of the communication stages in a network according to the invention, Figure 2 is a block diagram illustrating a computer terminal, Figure 3 is a flow diagram illustrating the steps of a part of the invention, and Figure 4 is a flow chart illustrating part of the invention. DETAILED DESCRIPTION OF THE INVENTION Basically, the invention allows providing an initiation seed to the system of sending and receiving parts and generates, for each different email, but in each sender / receiver terminal, the same coding keys based on the same seed and without the need to provide the seed every time an email is transmitted. The present invention according to a preferred embodiment is an application, performed as an aggregate to an email program such as Microsoft Outlook, Lotus Notes, Outlook Express, etc. In the following, non-limiting examples are given regarding Microsoft Outlook. However, it is appreciated that the teachings of the invention can be applied to any application / data communication system in general and to the application / mail system in particular. The invention can thus be applied to the -SMS and MMS transmissions as well. Figure 1 illustrates the flow of schematic communication between two users using computer terminals to send and receive emails. The transmission terminal is designated with the number 110 and the receiver with the number 120. Clearly, two terminals are given as an example and the invention can be applied in several terminals. The communication between the terminals is conducted through the Internet or an Intranet using an execution of the e-mail server, for example, Exchange Server. The system of the invention creates a secure way for communication by email. Each sender / receiver relationship between two email addresses is considered unique (channel). The system directs each sender / receiver pair with its own specific coding keys. According to the flow chart of Figure 1, the user of the terminal 110 sends (1) an email to the user of the receiving terminal 120. The terminal 110 is equipped with an application according to the present invention, which Edit the emails. In the following example, it is assumed that the sender has the email address "110@mail.com" and the recipient "120@mail.com". The email message is encoded using a conventional coding algorithm such as SHS-1, Blowfish or the like and secured with a coding key. If the encoding application detects that the receiver is not one of the listed receivers, ie the receiver is not in a register of the receivers provided with a decoding application or decoding password, the application requests the sender to provide a password or initiation secret for the particular receiver. The secret provided by the sender, for example 120xxx, is stored in the system along with other relevant information (such as email addresses) about the receiver. The secret is used: - to generate a key and start a channel that has a key, for example 110120xxx, which is used to transmit emails to the receiver 120; - to generate a key, for example, 120110xxx, which is used when receiving emails from 120; and - generate a unique coding key to transmit the emails. The key generation is described in more detail below. It should be specified that the channel in this one refers to a virtual channel, and involves the sender-receiver relationship that is obtained. If the receiver does not have a decoding application, the email is provided with an uncoded message to the recipient whose email is encrypted and to access (2) a 13O program provider, for example an Internet service provider. , to obtain / download (3) a decoding program. The encrypted email can also be sent as an attachment to the email message (information). If the key is missing, ie the receiver has not received the decoding permission, after the installation of the decoding program, the receiver is instructed to obtain a "secret" to be able to generate a key to decode the email. The receiver can for example call (4) the sender to obtain (~ 6) the secret to start the key generation. When the encryption part is installed and the secret is inserted, the encrypted email can be decoded. The application in the receiver stores the information about the sender and: - generates a key and initiates a channel that has a key, for example, 120110xxx, which is used to transmit emails to the sender 110; - start a channel using a key, for example, 110120xxx, which is used when receiving emails from 120; and generates a unique encryption key to receive emails from the sender 110. Thus, a sender-receiver relationship is created. In the subsequent stages, ie when the relationship is created and the sender and receiver have the keys started, here it is not necessary to change the secrets or passwords again. The sender and receiver applications in each terminal will automatically identify and generate an encoding / decoding key, for example based on the sender / receiver's email addresses. The next time when an email is sent from 110 to 120, the sender's application detects that the receiver 120 is in the registry, and generates a new unique coding key for the email, based on the generated channel. The key is used to encode the message. Along with the email, a dynamic serial number is sent, identifying the order of the email and the key used. At the receiver site, the decoding application detects the dynamic string of the encoding key used to encode the message. The decoding application generates a key based on the dynamic serial number (and stored secret above) and decodes the email. If the dynamic serial number is not in sequence, for example, an email with a lower serial number is received later than one with a higher serial number, the application generates and stores all the keys up to the serial number , which is used to decode the specific encoded email. All stored keys can then be used to decode non-sequenced emails. The coded keys are stored in the memory / store unit and can be destroyed after decoding the corresponding coded e-mail. Thus, the invention can also allow the decoding of emails much later and also in offline mode. The sending party or the application of the e-mail, can supply the message with established parameters that will force the receiving part or the application of the e-mail to take the special action. For example, the sending party may demand that the received message be stored in a particular manner, for example according to the encoded, or not stored. This ensures that the sending party is confident that the messages are stored in the recipient's location in such a way that no unauthorized access to the messages is provided. Other possible instructions are likely and the aforementioned example is only for illustrative and non-limiting purposes of the invention, for example, the sending party may demand an immediate removal of the email message after the examination and not allow it to be stored. in no way for maximum security. Each terminal 210, for example an ordinary PC, schematically illustrated in Figure 2, comprises a main processing unit 240, ROM (Read Only Memory) 250, RAM (Random Access Memory) 260, and a storage unit of the program 270. The ROM contains the group of instructions, for example for the functionality of the terminal. RAM stores the instruction of application programs. The storage unit of the program includes application programs such as an email application, coding and decoding applications, etc. A key generation application 2S0 comprises, in the storage unit or RAM, identical original SID values, also called seeds, preferably in a dynamic and / inter / changeable manner. The storage of the original values preferably takes place in connection with the introductory initiation of the application, and could be advantageously carried out via a secure channel, for example a coded message or a telephone call or the like. Possibly, the original values do not need, nevertheless, to be transmitted physically but on the contrary the users of the units concerned can by themselves enter a pre-agreed value. In addition, the original values can be exchanged, when necessary, but alternatively the same original values are used for the duration of the unit's entire life - which generates keys. In this case, the original values do not need to be stored in dynamic memories, but instead permanent memories can be used. In addition, the key generation application controls a counter 281 to periodically change a count value X, and a calculation unit / application 282 is adapted to generate, in each unit and independently of other units, a key based on the value original, and a count value issued by the counter. Advantageously, however, the counter and the calculation unit can be integrated in the same unit, which can advantageously be the processing unit (CPU). An oscillator 283 or a clock, which could be further integrated into the processor, can advantageously control the counter. Preferably the clock based on real time of the CPU, is used. In addition, the counter is increased in stages, so it becomes easier to keep the terminals in phase with each other (synchronized). Provided that the same original values are stored in the memory and that the counters are synchronized to provide the same count value, the identical keys can be generated in several key generation applications, independently of each other, ie in each terminal that runs the application. These keys can then be used to encode or authenticate the purposes between the terminals. In addition, the key generation units are preferably adapted to detect whether they are synchronized or not, and in case they are not, to implement this synchronization. The detection can be done by means of a particular synchronization test that is performed before the generation of keys. Alternatively, a need for synchronization can, however, be identified when different keys are used, and only after that, the synchronization can be restored. The synchronization can be effected, for example, by the exchange of counting values between the units. According to an example, the calculation unit comprises a calculation algorithm F, which collects the original value (seed), the present key and the count value as input parameters. Then the count value is increased by a number ie = count + count + 1. This calculation algorithm is preferably implemented in the hardware in the calculation unit, or is alternatively stored in a non-dynamic and unchangeable memory. The calculation algorithm preferably generates a 160-bit key, but the keys of other lengths are, of course, also conceivable. Each time an order is given to the key generator to produce a new key, a new 160-bit pseudo-random word is generated, which is calculated on the basis of the "seed" and the count value. The key generation application may further comprise a part of the interface that serves to enable communication between the communication unit and the key generation unit. Preferably, this communication comprises the issuance of instructions, to the key generating unit for generating a key and the issuance of a key generated in this way back to the communication unit. The key generation unit can be implemented in the hardware and executed in the form of an integrated circuit, thereby making it more difficult to manipulate. The circuit can then be added to and used together with essentially any type of communicative unit. For example, it is possible to use the key generating unit according to the invention together with email sending applications. The key generation applications according to the invention can be used for point-to-point communication or authentication, ie between two terminals, or between a central unit, an email server, or several users, clients. Such a central unit preferably comprises a plurality of different key generating applications, one for each client / user / terminal in communication with the central unit. Alternatively, a key unit could comprise several different original values, in which case the command for the key generating unit to generate a key that also comprises the relative information with respect to the original value to be used. It is also possible, for several units to communicate with the central unit, to have identical key generation units, allowing them to communicate with the same key generation unit in the central unit. The following describes a coded transmission or authentication with the help of the system described above. In a first stage, an email is produced and encoded using a key generated by the key generation application in one of the terminals.
The e-mail can comprise one or several attachments, for example the form of processed word file, image file, Java mini-application or any other digital data. Thus, the electronic mail according to the inventions is related to a message with or without an a-nexus. The email is transmitted to the receiving terminal and the receiver is requested to obtain a start value, also called secret or seed. By entering the secret in the decoder application of the receiver, the terminals proposed for future intercommunication are initiated, in which process they are provided with identical original values and preferably they are also synchronized. The system is now ready - to use, and at a later time, which may occur after the lapse of an arbitrary period of time after initiation and at least one of the terminals identifies itself to the other. Identification is achieved when the other terminal determines whether the given identity is known and if it has a corresponding key generation application, ie a key generation application as defined above and with a corresponding original value. If this is the case, the process proceeds to the next stage if the process is not interrupted. The calculated keys are then used to execute the encoded / decoded authentication /. It should be understood, however, that encoded transmission and authentication can, of course, be carried out simultaneously and in the same process. Coding and authentication can be done with the help of essentially any coding algorithm that uses keys, for example as known DES and RC6, Bluefish, etc. Another advantage of the invention is that the application can be used as a filter to block unwanted emails. Currently, hundreds of thousands of advertising emails are sent to recipients. In Outlook, for example, there is a function called "junk mail" that is based on a list of names or some parameters that send the received emails to a junk mail folder. This function, however, does not work when the names of the senders and the content of the junk emails are changed. The invention addresses this problem in the following manner: As mentioned above and with reference to Figure 3, the receiving terminal or server comprises the list of sender-receiver pairs, verifying 300 the address received in the list and comparing 310 the address of the sender with the stored addresses. If the email can be decoded, ie the sender's address is in the list, the email is decoded 320 and delivered to the recipient. If the email can not be decoded, ie the sender's address is not in the list, the email is deleted to a garbage storage or returned to the sender. A message can be attached to the returned email, for example by notifying the sender of unwanted emails that a coding program is necessary to allow the sending of emails to the intended recipient. Of course, the email can be sent by a sender, which is not on the list but which is desired. For this reason the system can store a copy of the email or just notify the receiver so that the sender can be notified to install the -coding application and obtain the receiver's secret. Clearly, the filter / blocking function is an optional application. As mentioned above, the invention also allows a purchase of the application in whole or in part in a simple manner. The graph of Figure 4 illustrates an automatic purchasing system 400. The receiver 401 receives an information email, to which the encrypted email is attached, to obtain a decoding program. Preferably, the decoding program is provided free or with voluntary payment. However, the coding application must be purchased.
When the decoding program is downloaded, the encoding program is also downloaded but can not be used until a license number, password or similar is provided. For this reason, the buyer refers to a purchase address 410, for example on the Internet, from where a license can be obtained. The purchase site may require special information about the country, language, etc., of the buyer so that a correct version can be obtained. Then the buyer is relocated to the order site 420 to provide the transaction information. The payer can make a transaction in a known way, such as payment by credit card, bank transaction, cash payment upon delivery, etc. Depending on the transaction method, clarification 430 or control 440 is made. If the transaction is accepted, the purchase site 420 sends the information to a register 450 and order the delivery department 460. The delivery department sends a program package , a license number or any other information necessary to (install and) run the coding program. A delivery office can deliver the program / license information package. If the program is pre-installed, it can be delivered by email (coded) or download from the site a password / license number. It is also possible to provide the sender's email, informing the receiver to obtain a decoding / encoding application, with a reference to a site including a download of the prepaid program including also the secret to decode the email. However, in this case the receiver must obtain a password or other possibilities to access the program. It is also possible to provide a server arrangement, through which encrypted emails are passed, for example by encapsulating the addresses. In this case, each email can be loaded separately (also called teleprinter) as well without a need to purchase the program (s). The above examples are related to a network where users use two terminals to access e-mails. The invention can also be applied in cases where users use different terminals. In this case the encoding / decoding and seed program can be provided as a mobile application, for example in connectable form of the hardware (for example in the backpack or small USB device), stored in a medium that carries information such as the CD , etc. Thus, each time the email is used, the key / storage must be provided in order to run the encoding / decoding application from it. In a network such as in an organization or company, a server manages the clients in the network of 13 ?. Customers need to create only one secure email channel to the service server and this server then handles secure connections to the other users on the network. Each user is provided with a unique password to access e-mail messages and send e-mail messages according to the present invention. On the other hand, a network administrator can be provided with a main password that allows the administrator to access the messages and manage the accounts. To increase security additionally, it is possible to require the administrator to use a hardware unit that generates a unique sequential number that is used for authentication purposes. This unique sequential number is controlled against another hardware module - or software, placed in for example the central server, the server-based module generates a sequential number that is identical to that generated by the administrators module if it is the correct hardware unit and these are synchronized with each other. If these are identical, the two systems will try to synchronize with each other a certain number of times. Such a hardware unit for the use of an administrator may be provided as, for example, but they are limited to, devices connectable to the hardware using USB (Universal Serial BUS), RS232, RS485, Ethernet, Firewire, Bluetooth, Centronics, SecureDigital, PCMCIA , PC-Card, or similar hardware connectivity standards. It is also possible, instead of the hardware unit, to use a software module located in an administrative PC, work station or similar computing device, or in a storage device of the computer medium connectable to a network or connectable to a computer. device connected to the network under administration. It is also possible to provide the system with compression means for compressing encrypted e-mails. Any conventional compression method can be used. Optionally, encrypted and / or decoded emails can be stored in decoded or encoded form. In this case, it is preferred that the emails be encoded using a password. For security reasons, especially in companies, there must be a personal password and a Master Password (Network Manager). The invention is not limited to the modalities described and illustrated. The invention can be modified within the scope of the appended claims in various ways depending on the applications, requirements and needs.
It is noted that in relation to this date, the best method known to the applicant to carry out the aforementioned invention, is that which is clear from the present description of the invention.

Claims (2)

CLAIMS Having described the invention as above, the content of the following claims is claimed as property:
1. Method for initializing the transmission of an electronic message, preferably an email from a first user having a first terminal to a second user having a second terminal, characterized in that it comprises the steps of: controlling a list for an identity of the second user, receiving a coding key from the first user, establishing a virtual channel based on an identity of the first and second users, sending a first encoded message, which is encoded using the key from the first terminal to the second terminal, and - providing the second user with the encoded key. 2. Method according to claim 1, characterized in that it additionally comprises the steps of: - transmitting the electronic message in a form encoded by the first terminal, the encoded electronic message is coded by means of a key generated by a first key generator using a seed, - once providing the second user with the seed to generate a key with a second key generator provided in the second terminal, - providing and storing the seed in the second terminal, - using the seed through the second terminal to generate a key each time an encrypted electronic message is received from the first user to the second user; - synchronize a count value in each terminal; - generating the key on the basis of the seed and a count value in each terminal, independently of the other terminal, and - obtaining a dynamic serial number for each coded electronic message, used to generate a key for the corresponding encoded message. Method according to claim 1, characterized in that the unique identity is an electronic mail address. Method according to claim 2, characterized in that the seed is only obtained for the first time in the initial time. 5. Method according to claim 2, characterized in that a second seed is obtained if the first seed is unusable. 6. Method according to claim 2, characterized in that the seed is stored in a dynamic and interchangeable manner in at least one terminal, and preferably in all terminals. Method according to claim 1 or 6, characterized in that the count value is generated in a counter in each terminal, the synchronization of the count values involves the synchronization of the counters. Method according to any of claims 1-7, characterized in that after the initial synchronization of the counters, the terminals execute the complementary synchronization steps only when necessary. Method according to any of claims 2-8, characterized in that the operation for generating the key based on the seed and the counting value is carried out by means of a stored calculation algorithm in a non-dynamic way and not interchangeable in at least one of the terminals. Method according to claim 2, characterized in that it comprises the step of generating a reliable list of terminals based on the received seed. 11. Method according to claim 10, characterized in that it comprises accepting emails only from the records in the list. Method according to any of claims 2-11, characterized in that it comprises providing the seed of the first user to the second user through at least one telephone, fax or letter call. Method according to any of the preceding claims, characterized in that the encrypted electronic mail is provided with the encoded attachments together with the electronic mail. 14. Method of compliance with any of the preceding claims, characterized in that a transmission part provides a message with set parameters that force the receiving part to take the special action. Method according to any of the preceding claims, characterized in that a network administrator is provided with a master password that allows the administrator to access the messages and manage the accounts. Method according to claim 15, characterized in that the administrator is provided with a hardware unit that generates a unique sequence number that is used for authentication purposes. 17. A system for transmitting an electronic message, preferably an email from a first user using a first terminal to a second user using a second terminal, characterized in that it additionally comprises: an arrangement for controlling a list for an identity of the second stored user in a memory unit, - an input array for receiving a coded key from the first user, an array for establishing a virtual channel based on an identity of the first and second users, - a communication arrangement for sending a first coded message, it is coded using the key of the first terminal to the second terminal, and - an arrangement to provide the second user with the coded key. 18. System according to claim 17, characterized in that it additionally comprises: means for transmitting the secure electronic mail in the form of an electronic mail encoded by the first terminal, the encrypted electronic mail is coded by means of a key generated by a first key generator using a seed, - means for once providing the second user with the seed to generate a key with a second key generator, - means for providing a means for storing the seed in the second terminal, - means for generating a seed. key each time a coded email from the first user to the second user is received by the second terminal using the seed; - each terminal comprises a key generating unit, the key generating unit comprises a memory, in which identical seeds are stored, a counter for periodically changing a count value, and a calculation terminal adapted to generate in each terminal and independently from other terminals, a key based on the original value and a count value issued from the counter; wherein the terminals are arranged to detect when they are not synchronized and then to re-establish synchronization, and - means to obtain a dynamic serial number for each coded electronic message, used to generate a key for the corresponding encoded message. 19. System in accordance with the claim 18, characterized in that the memory for storing the seed in at least one of the terminals is a dynamic memory arranged to store the seed-in a dynamic and interchangeable manner. System according to any of claims 17 to 18, characterized in that the calculation unit of at least one of the terminals comprises a calculation algorithm, which is stored in a non-dynamic and non-ambiguous manner, and which it is preferably a hardware implemented. 21. System according to any of claims 17 to 19, characterized in that one of the terminals is a central terminal comprising a plurality of seeds for secure encoded transmission involving several different terminals that have an original value each. 22. System according to any of claims 17 to 20, characterized in that it comprises a first unit for generating a unique sequence of numbers, which is controlled against a second unit, located in the system, which generates a sequential number that is identical to one generated by the first unit, and if it is a correct unit, these are synchronized with each other. 23. Product of the computer program - to transmit a secure email from a first user who has a first terminal to a second user who has a second terminal, characterized in that it comprises a code for: - controlling the list for a second user's identity , receive a coding key of the first user, - establish a virtual channel based on an identity of the first and second users, send a first encoded message that is encoded using the key from the first terminal to the second terminal, and - provide the second user with the encoded key. 24. Computer program product according to claim 23, characterized in that it additionally comprises a code for: - encoding and transmitting the electronic mail of the first terminal, r generating a key using the first seed in the first terminal, - obtaining the seed to generate a key with a second key generator in the second terminal, - store the seed in the second terminal, generate a key each time a coded email from the first user to the second user is received by the second terminal using the seed stored; - obtain a dynamic serial number for each encrypted email; used to generate a key for the corresponding encoded email, - generate a key for the corresponding encoded email using the dynamic serial number, - synchronize a count value in each terminal; and - generate the key in the base of the seed and a count value in each terminal, independently of the other terminal. 25. Propagated signal for transmitting a secure email from a first user having a first terminal to a second user having a second terminal, characterized in that it comprises a code for: controlling a list for an identity of the second user, - receiving a key encoded from the first user, establishing a virtual channel based on an identity of the first and second users, sending a first coded message, which is coded using the key from the first terminal to the second terminal, and - providing the second user with the coded key .
2 . Propagated signal according to claim 25, characterized in that it additionally comprises the code for: - establishing a virtual channel based on email addresses of the first and second users, - coding and transmitting the email of the first terminal, - generating a key using the first seed in the first terminal, - obtain the seed to generate a key with a second key generator in the second terminal, - store the seed in the second terminal, generate a key each time a coded email of the first user the second user is received by the second terminal using the stored seed; - obtain a dynamic serial number for each encrypted email; - generate a key for the corresponding encoded email using the dynamic serial number, - synchronize a count value in each terminal; Y - generate the key based on the seed and a count value in each terminal, independently of the other terminal. 27. Computer-readable medium that has stored in it the sets of instructions for transmitting a secure email from a first user who has a first terminal to a second user who has a second terminal, the set of instructions is characterized in that it comprises a code for: controlling a list for an identity of the second user, - receiving a coding key from the first user, establishing a virtual channel based on an identity of the first and second users; sending a first coded message, which is encoded using the key of the first terminal to the second terminal, and - providing the second user with the code key. 28. Medium according to claim 27, characterized in that the medium is a memory unit comprising; - coding and transmitting the email of the first terminal, - generating a key using the first seed in the first terminal, - obtaining the seed to generate a key with a second key generator in the second terminal, - storing the seed in the second terminal, second terminal, generating a key each time an encoded email from the first user to the second user is received by the second terminal using the stored seed; - obtain a dynamic serial number for each encrypted email; - generate a key for the corresponding encoded email using the dynamic serial number, - synchronize a count value in each terminal; and - generate the key in the base of the seed and a count value in each terminal, independently of the other terminal. 29. Medium according to claim 28, characterized in that the medium is a memory unit.
MXPA06002729A 2003-09-12 2004-09-13 Message security. MXPA06002729A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US50225403P 2003-09-12 2003-09-12
SE0302456A SE527561C2 (en) 2003-09-12 2003-09-12 Electronic mail transmission method in internet environment, involves storing seed for key generation provided from sender's terminal, in receiver's terminal
SE0400238A SE0400238D0 (en) 2003-09-12 2004-02-04 Message security
PCT/SE2004/001314 WO2005027404A1 (en) 2003-09-12 2004-09-13 Message security

Publications (1)

Publication Number Publication Date
MXPA06002729A true MXPA06002729A (en) 2006-09-04

Family

ID=34317277

Family Applications (1)

Application Number Title Priority Date Filing Date
MXPA06002729A MXPA06002729A (en) 2003-09-12 2004-09-13 Message security.

Country Status (8)

Country Link
EP (1) EP1665625A1 (en)
KR (1) KR20070015359A (en)
AU (1) AU2004303326B2 (en)
BR (1) BRPI0414348A (en)
CA (1) CA2538029A1 (en)
IL (1) IL174176A (en)
MX (1) MXPA06002729A (en)
WO (1) WO2005027404A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8788350B2 (en) 2008-06-13 2014-07-22 Microsoft Corporation Handling payment receipts with a receipt store
AU2016203876B2 (en) * 2009-05-15 2018-05-10 Visa International Service Association Verification of portable consumer devices
US9165285B2 (en) 2010-12-08 2015-10-20 Microsoft Technology Licensing, Llc Shared attachments
US11308449B2 (en) 2011-04-28 2022-04-19 Microsoft Technology Licensing, Llc Storing metadata inside file to reference shared version of file
US10552799B2 (en) 2011-04-28 2020-02-04 Microsoft Technology Licensing, Llc Upload of attachment and insertion of link into electronic messages
US9137185B2 (en) 2011-04-28 2015-09-15 Microsoft Technology Licensing, Llc Uploading attachment to shared location and replacing with a link
US10185932B2 (en) 2011-05-06 2019-01-22 Microsoft Technology Licensing, Llc Setting permissions for links forwarded in electronic messages

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7120696B1 (en) * 2000-05-19 2006-10-10 Stealthkey, Inc. Cryptographic communications using pseudo-randomly generated cryptography keys
US7149308B1 (en) * 2000-11-13 2006-12-12 Stealthkey, Inc. Cryptographic communications using in situ generated cryptographic keys for conditional access

Also Published As

Publication number Publication date
IL174176A (en) 2011-11-30
AU2004303326B2 (en) 2009-02-19
WO2005027404A1 (en) 2005-03-24
BRPI0414348A (en) 2006-11-14
KR20070015359A (en) 2007-02-02
IL174176A0 (en) 2006-08-01
EP1665625A1 (en) 2006-06-07
WO2005027404B1 (en) 2005-06-16
AU2004303326A1 (en) 2005-03-24
CA2538029A1 (en) 2005-03-24

Similar Documents

Publication Publication Date Title
US7600121B2 (en) Message security
US20070172066A1 (en) Message security
ZA200601931B (en) Message security
CN104270338B (en) Method and its system that a kind of electronic identity registration and certification are logged in
CA3010336C (en) Secure information transmitting system and method for personal identity authentication
CN101938471B (en) Method for managing public and secret key pairs of public key cryptography
JP5802137B2 (en) Centralized authentication system and method with secure private data storage
CN110868301B (en) Identity authentication system and method based on state cryptographic algorithm
CN103918219B (en) Based on the method and apparatus of the electronic content distribution of privacy share
CN109034793A (en) Digital cash method of commerce and digital cash wallet hardware based on block chain
CN1711738A (en) Providing a user device with a set of access codes
CN101405759A (en) Method and apparatus for user centric private data management
CN101577917A (en) Safe dynamic password authentication method based on mobile phone
CN103985036A (en) Two-dimension code payment method with biological characteristics
JP2002032344A (en) Method and device for providing contents
CN101336437A (en) A communication system for providing the delivery of e-mail message
CN107332666A (en) Terminal document encryption method
IL174176A (en) Message security
US20170154329A1 (en) Secure transaction system and virtual wallet
CN109600296A (en) A kind of certificate chain instant communicating system and its application method
JPH11298470A (en) Key distribution method and system
CN100530028C (en) Method and system for controlling the disclosure time of information
RU2373653C2 (en) Safety of messages
CN110766487A (en) Kitchen equipment leasing method and device, storage medium and electronic equipment
US8843746B2 (en) Method and arrangement for sending and receiving confidential electronic messages in a legally binding manner

Legal Events

Date Code Title Description
FG Grant or registration