| United States Patent | 5958005 |
| Link to this page | http://www.wikipatents.com/5958005.html |
| Inventor(s) | Thorne; John (Washington, DC); Davis; Marie L. (Germantown, MD); Strauss; Michael J. (Potomac, MD) |
| Abstract | A method, system, and product for communicating data text messages, such as
E-Mail, between computers connected to a network while providing
selectable degrees of security for each message. The methodology comprises
the procedure of creating in the originating computer a data message
having a header which specifies, in addition to the address of the
intended recipient computer, one or more security parameters which control
the processing of the data message in the recipient computer. The security
parameters include instructions for erasure of the data message following
its storage in the recipient computer. The security parameters also
include instructions as to whether or not copying, archiving, forwarding
and printing of the data message is permitted. The recipient computer
processes the data message in accord with the instructions. The erasure is
of such a nature as to render the data message irretrievable following
erasure. |
Electronic mail security |
| Publication Date |
September 28, 1999 |
| Filing Date |
July 17, 1997 |
References  |
U.S. References |
| Patent No. | Inventor | Class | Date |
| 5864683 | Boebert | 709/249 | Jan, 1999 |
| 5838685 | Hochman | 370/428 | Nov, 1998 |
| 5826269 | Hussey | 707/10 | Oct, 1998 |
| 5822527 | Post | 709/206 | Oct, 1998 |
| 5812669 | Jenkins | 713/161 | Sep, 1998 |
| 5786817 | Sakano | 345/619 | Jul, 1998 |
| 5765152 | Erickson | 707/9 | Jun, 1998 |
| 5717742 | Hyde-Thomson | 379/88.17 | Feb, 1998 |
| 5633932 | Davis | 713/176 | May, 1997 |
| 5625818 | Zarmer | 707/104.1 | Apr, 1997 |
| 5600834 | Howard | 707/201 | Feb, 1997 |
| 5598279 | Ishii | 358/402 | Jan, 1997 |
| 5568540 | Greco | 379/88.25 | Oct, 1996 |
| 5504897 | Gans | 707/104.1 | Apr, 1996 |
| 5412717 | Fischer | 713/156 | May, 1995 |
| 5406557 | Baudoin | 370/407 | Apr, 1995 |
| 5388256 | Herbert | 707/8 | Feb, 1995 |
| 5327555 | Anderson | | Jul, 1994 |
| 5170479 | Takamoro | 707/3 | Dec, 1992 |
| 5123104 | Levine | 707/1 | Jun, 1992 |
| 5109508 | Mitsumori | 707/1 | Apr, 1992 |
| 5051891 | MacPhail | 707/200 | Sep, 1991 |
| 5014234 | Edwards, Jr. | 726/33 | May, 1991 |
| 4935954 | Thompson | 379/88.04 | Jun, 1990 |
| 4899299 | MacPhail | 707/204 | Feb, 1990 |
| 4881179 | Vincent | 358/1.14 | Nov, 1989 |
Description  |
FIELD OF THE INVENTION
This invention relates in general to methods and systems for managing the security of electronic documents stored in an interactive information handling system, and more particularly relates to the controlling of the confidentiality of electronic
mail communications over networks.
BACKGROUND
In recent years business communications have relied increasingly on exchanges of electronic mail, or E-Mail, via desktop or portable computers. Generally speaking, E-Mail constitutes a store and forward service for transmission of textual messages transmitted in machine readable form from a computer terminal or computer system. The message sent from one computer user to another is stored in the recipient's mailbox or post office until that person next logs onto the system. The system can then provide for retrieval and delivery of the message.
While this form of communication is now in widespread use, employees and business people in general have been prone to employ less than adequate procedures to protect the confidentiality of many business communications. While most business people recognize that a written document provides a relatively permanent record, they mistakenly assume that an E-Mail message does not. In fact, most E-Mail messages today are readily copied, printed or forwarded, without the sender's knowledge or control. Also, techniques exist for finding and capturing old E-Mail messages that may be stored or once were stored on disk drives in any one of a large number of networked computers or servers. As a result of these factors, it currently is very difficult for a business to ensure that there are no E-Mail messages containing confidential materials or inappropriate comments, which later might be discovered and retrieved by other parties.
While the patent literature contains certain discussions of aspects of electronic document management, it fails to address the particular problem outlined hereinabove.
U.S. Pat. Nos. 4,899,299 and 5,051,891 to MacPhail, respectively entitled Method for Managing The Retention of Electronic Documents in an Interactive Information Handling System, and Method to Manage Transfer of Ownership of Electronic
Documents Stored in an Interactive Information Handling System, issued Feb. 6, 1990 and Sep. 24, 1991, discuss document retention and deletion methodology. Although there is no express mention of E-Mail, the text suggests that the documents range from
memos and messages to long reports. The originator of a document specifies an ownership expiration date, and the enterprise operating the system establishes an expiration date. An algorithm causes deletion of a document from storage when a particular
relationship exists among the current date and the two expiration dates. For example, the system deletes a message if the current date is later than both of the expiration dates.
U.S. Pat. No. 5,568,540 to Greco et al., entitled Method and Apparatus for Selecting and Playing a Voice Mail Message, issued Oct. 22, 1996, deals with displaying voice mail message information and playing voice mail through a computer
speaker. The disclosed system may provide a display of messages that can be merged into a single list, including E-Mail messages. As an additional feature, this patent suggests that if a sender does not want the recipient to copy the message for
further distribution to others, the sender may designate the message as "Private." The system does not allow copying of such a "Private" message from one mail box to another.
U.S. Pat. No. 4,935,954 to Thompson et al., entitled Automated Message Retrieval System, issued Jun. 19, 1990, discloses an automated message retrieval system. A computer automatically performs various procedures, including deletion of the
retrieved messages from storage in the message service computer.
U.S. Pat. No. 5,014,234 to Edwards, Jr., entitled System With Software Usage Timer and Counter for Allowing Limited Use but Preventing Continued Unauthorized Use of Protected Software, issued May 7, 1991, pertains to prevention of continued
unauthorized use of protected software. Copies of software are installed for a limited time. If the software is not registered within the time limit, the software is disabled. The system provides a notice indicating an impending software
"Self-Destruct" in the event of failure to register.
U.S. Pat. No. 5,600,834 to Howard, entitled Method and Apparatus for Reconciling Different Versions of a File, issued Feb. 4, 1997, deals with reconciling different versions of the files stored in computers at two or more separate locations or
sites. Howard utilizes journals or logs of work performed on each file.
Numerous E-Mail applications or programs are currently available commercially. Many of these applications come from personal computer software companies. Examples include Word Perfect Office, Lotus Notes, CCmail, Microsoft Mail, etc. In the
computer conferencing area a number of systems have become available. These include Lotus Notes EIES 2, First Class, and SuperKOM. The available systems, for the most part, provide deletion of messages only upon positive action of the recipient or upon
the volume of stored data reaching some predetermined threshold. However, SuperKOM has a provision for deleting messages after a certain time unless the user has taken positive steps to so mark the messages as to prevent deletion. SuperKOM has both a
personal data base for each user and a common data base for all users connected to the same server. Users of SuperKOM can use search keys on messages in the central data base. Such keys are one way of stopping messages from being deleted. It is also
possible to protect messages from being purged in the personal data base of an individual SuperKOM user.
However, these capabilities fall far short of satisfying business needs for managing and protecting the confidentiality of electronic mail communications. Those needs include capabilities to control not only the circulation of messages or
electronic documents by the originator, but also the usage of the documents by the recipient for further dissemination and storage. Thus there is an existing need to provide to an E-Mail originator or sender the capability to control the ability of the
recipient to copy, forward, print, and store the document. Still further, there is a need for an erasure procedure that goes beyond deletion and precludes recovery.
SUMMARY OF THE INVENTION
It is a primary object of the invention to provide a method and system for satisfying the above described needs.
It is a further object of the invention to satisfy those needs in an effective yet user friendly and readily administered fashion.
One example of the conventional processing of E-Mail in a typical corporate local area network or LAN is preliminarily described to provide a context for a discussion of the methodology of the invention.
In this example of a corporate or business network, each department of the business is provided with its own server. Each such server is a host to a multiplicity of work stations or client computers in that department. Each server and each
server client runs the same E-Mail application and each server provides a departmental post office which is subdivided into a plurality of work group or client post offices. The work group post offices serve the individual work stations or client
computers in that work group. The term post office is here used to indicate a collection of mail boxes which reside on the respective server.
In sending an E-Mail message in this architectural arrangement, an employee at a work station or client computer composes a message on that computer. This results in the creation of a copy of that message on the hard drive of the composing
employee's computer. The computer is connected to the host server and the server also has a copy of the message in its memory. The server includes a mail exchange agent which acts as a store and forward node in transport of the message either to
another work station within the same department or to another department. Here it is assumed that the single server acts to deliver the message to a recipient client computer in the same department.
In this typical scenario a copy of the message now exists on a disk at each of the five different agents. These include (1) the hard drive of the composing employee, (2) a first position of a post office disk of the server (sender mail box), (3)
a second position of a disk serving as the exchange agent of the server, (4) a third position in the post office disk of the server (recipient mail box), and (5) the hard drive of the recipient or addressee computer. If the message goes to another
department it will pass through at least one additional server, and there will be even further instances of storage of the message.
With respect to the duration of retention of the message, the second, third, and fourth instances of storage of the message, namely, those under control of the server, are deleted in a routine maintenance cycle pursuant to predetermined tables. The deletion of the first and fifth instances of storage of the message, namely at the computers of the originator and recipient, is under the control of the originator and recipient. If the recipient copies, archives or forwards the message, additional instances of storage are created. Still further, the recipient may print the message and thereby create a hard copy susceptible to unlimited copying.
In conventional practice the erasure of records normally constitutes deletion. However, when files are deleted the data is not physically removed from the disk. Typically, some or all of the characters constituting the file name or address are
altered with a special character or erased from the internal file allocation address table. This has the effect of rendering the disk space occupied by the file available for reuse, i.e., the file is marked for deletion. Until the space is reused it is
possible to "undelete" and recover the file data. Further, techniques are available which make possible the recovery of data even after the disk space has been reused, depending upon the extent of reuse.
Compacting of data to recover disk space is a process which normally involves a single overwrite operation of data. Such a single overwrite normally will not prevent recovery of the overwritten data. The National Security Agency (NSA) specification for data erasures requires that the file be written over seven times using an alternating byte write sequence of: 00, FF, 00, FF, 00, FF, F6. Normal commercially available Disk CleanUp erasures simply write the F6 character to deleted files.
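The seven-pass sequence described above, as an added example that is not code from the patent: a Python sketch that overwrites a file in place with each fill byte in turn, syncs every pass to the device, and only then removes the directory entry. The function names, the `on_pass` hook and the sample message are constructed for illustration, and the seven values are read as one fill byte per pass.

```python
import os
import tempfile

# Seven fill bytes from the text, read here as one byte value per pass.
PASS_BYTES = (0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xF6)
CHUNK = 64 * 1024


def overwrite_passes(path, passes=PASS_BYTES, on_pass=None):
    """Overwrite `path` in place once per fill byte; on_pass is a hypothetical hook."""
    size = os.path.getsize(path)
    # "r+b" rewrites the existing file; "wb" would truncate it first and the
    # filesystem could hand out fresh blocks, leaving the old data untouched.
    with open(path, "r+b") as fh:
        for index, value in enumerate(passes):
            fh.seek(0)
            remaining = size
            block = bytes([value]) * CHUNK
            while remaining > 0:
                n = min(remaining, CHUNK)
                fh.write(block[:n])
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # force this pass to the device
            if on_pass:
                on_pass(index, path)
    return len(passes)


def erase_file(path, passes=PASS_BYTES, on_pass=None):
    """Overwrite first, then remove the directory entry (ordinary deletion)."""
    done = overwrite_passes(path, passes, on_pass)
    os.remove(path)
    return done


def demo():
    """Erase a constructed sample message; return pass count, per-pass bytes, existence."""
    seen = []
    fd, path = tempfile.mkstemp(suffix=".msg")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"Subject: constructed sample\r\n\r\nconfidential body\r\n")
    def record(index, p):
        with open(p, "rb") as f:
            seen.append(set(f.read()))
    done = erase_file(path, on_pass=record)
    return done, seen, os.path.exists(path)
```

On SSDs with wear levelling and on journaling or copy-on-write filesystems, an in-place overwrite may not reach the blocks that originally held the data. It also touches only this one copy, not the other instances of storage enumerated earlier in the text.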
It is a primary object of the invention to provide a method for managing the retention of preselected data in a manner to effectuate the desired degree of security for designated information.
It is another object of the invention to provide a methodology for achieving this goal in a straightforward, user-friendly manner.
With the foregoing ends in view, the invention finds embodiment in certain combinations of elements, system architectures, methodologies, and series of steps by which the objects aforementioned and certain other objects are hereinafter attained,
all as more fully described with reference to the accompanying drawings and the scope of which is more particularly pointed out and indicated in the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
FIG. 1 is a diagrammatic illustration of the architecture of a typical network, such as a Local Area Network (LAN) in which the method of the invention may be implemented according to a preferred embodiment.
FIG. 2 | | |